✨ Add Advanced Tag-Based Post Filtering with Multi-Tag & Comment Controls

[Copilot]

Overview

This PR implements the complete "Advanced Tag-Based Post Filtering with Multi-Tag & Comment Controls" feature epic, adding three major enhancements to improve post discovery and interaction:

1. Multi-tag filtering with AND/OR logic for advanced search
2. Comment controls to enable/disable comments on posts
3. Guest user restrictions to limit content visibility for unauthenticated users

🎯 Features

1. Multi-Tag Filtering

A new endpoint allows filtering posts by multiple tags with flexible logic:

# Get posts with ANY of the specified tags (OR logic)
GET /api/tags/posts?tags=1,2,3&mode=any

# Get posts with ALL of the specified tags (AND logic)
GET /api/tags/posts?tags=1,2,3&mode=all

Use cases:

• Advanced content discovery
• Topic-based filtering with multiple categories
• Finding posts that match all criteria (tutorials that cover both React AND TypeScript)

2. Comment Controls

Post authors can now control whether comments are allowed on their posts:

// Create a post with comments disabled
POST /api/posts
{
  "title": "Important Announcement",
  "content": "...",
  "commentsEnabled": false
}

// Toggle comments on existing posts
PATCH /api/posts/1
{
  "commentsEnabled": false
}

Use cases:

• Announcements without discussion
• Archived content
• Spam prevention
• Controlled discussions

The API returns 403 Forbidden when attempting to comment on posts with disabled comments.

3. Guest User Restrictions

Optional environment variables to limit what unauthenticated users can see:

# Limit posts visible to guests
GUEST_POST_LIMIT=10

# Limit comments visible to guests per post
GUEST_COMMENT_LIMIT=5

Use cases:

• Encourage user registration
• Prevent content scraping
• Tiered access control

🔄 Database Migration

A new commentsEnabled field has been added to the Post table:

ALTER TABLE `Post` 
ADD COLUMN `commentsEnabled` BOOLEAN NOT NULL DEFAULT true;

Or using Prisma:

npx prisma migrate dev --name add_comments_enabled_to_post

All existing posts will default to commentsEnabled: true, maintaining current behavior.

📊 Technical Details

API Changes

New Endpoints:

• GET /api/tags/posts?tags=<ids>&mode=<any|all> - Multi-tag filtering

Modified Responses:
All post objects now include:

{
  "commentsEnabled": true,
  ...
}

New Error Responses:

• 403 Forbidden - "Comments are disabled for this post"
• 404 Not Found - "One or more tags not found"

Files Changed

• Controllers (3): tag, interaction, post
• Services (3): tag, interaction, post
• Routes (2): tag, interaction
• Schema (1): Prisma schema with new field
• Documentation (1): README.md extensively updated

Code Statistics

• +372 lines added, -74 lines removed (net +298 lines)
• 10 files modified
• Zero breaking changes - fully backward compatible

✅ Quality Assurance

• ✅ All JavaScript files pass syntax validation
• ✅ All modules import correctly
• ✅ CodeQL security scan passed - no new vulnerabilities
• ✅ Prisma schema validated and formatted
• ✅ 100% backward compatible

📚 Documentation

Comprehensive updates to README.md including:

• New endpoint documentation with examples
• Updated existing endpoint docs
• Environment variable reference
• Request/response examples
• Error handling examples

🚀 Deployment

1. Review and merge this PR
2. Run database migration: npx prisma migrate dev --name add_comments_enabled_to_post
3. Optionally set GUEST_POST_LIMIT and GUEST_COMMENT_LIMIT environment variables
4. Deploy and test in staging
5. Deploy to production

🔒 Security

• No new security vulnerabilities introduced (verified by CodeQL)
• Guest restrictions help prevent content scraping
• Comment controls provide spam prevention capabilities
• All existing authentication and authorization checks remain in place

Example Usage

// Frontend: Multi-tag filtering
const posts = await fetch('/api/tags/posts?tags=1,5,12&mode=all')
  .then(r => r.json());

// Frontend: Create post with comments disabled
await fetch('/api/posts', {
  method: 'POST',
  headers: { 
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    title: 'Announcement',
    content: 'Important update',
    commentsEnabled: false
  })
});

// Frontend: Check if comments are enabled
if (!post.commentsEnabled) {
  // Hide comment form
  showMessage('Comments are disabled on this post');
}

Backward Compatibility ✅

All changes are fully backward compatible:

• Existing posts automatically get commentsEnabled: true
• New fields are optional in all requests
• No breaking changes to any existing API calls
• Guest limits only apply when environment variables are set
• Existing client applications continue to work without modifications

---

Closes #[issue-number]

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• checkpoint.prisma.io
  • Triggering command: /usr/local/bin/node /home/REDACTED/work/Backend/Backend/node_modules/prisma/build/child {"product":"prisma","version":"6.14.0","cli_install_type":"local","information":"","local_timestamp":"2025-10-09T15:04:36Z","project_hash":"86700263","cli_path":"/home/REDACTED/work/Backend/Backend/node_modules/.bin/prisma","cli_path_hash":"a595029d","endpoint":"REDACTED","disable":false,"arch":"x64","os":"linux","node_version":"v20.19.5","ci":true,"ci_name":"GitHub Actions","command":"generate --postinstall \"UNABLE_TO_FIND_POSTINSTALL_TRIGGER__ENVAR_MISSING\"","schema_providers":["mysql"],"schema_preview_features":[],"schema_generators_providers":["prisma-client-js"],"cache_file":"/home/REDACTED/.cache/checkpoint-nodejs/prisma-a595029d","cache_duration":43200000,"remind_duration":172800000,"force":false,"timeout":5000,"unref":true,"child_path":"/home/REDACTED/work/Backend/Backend/node_modules/prisma/build/child","client_event_id":"","previous_client_event_id":"","check_if_update_available":true} (dns block)
  • Triggering command: /usr/local/bin/node /home/REDACTED/work/Backend/Backend/node_modules/prisma/build/child {"product":"prisma","version":"6.14.0","cli_install_type":"local","information":"","local_timestamp":"2025-10-09T15:06:09Z","project_hash":"86700263","cli_path":"/home/REDACTED/work/Backend/Backend/node_modules/.bin/prisma","cli_path_hash":"a595029d","endpoint":"REDACTED","disable":false,"arch":"x64","os":"linux","node_version":"v20.19.5","ci":true,"ci_name":"GitHub Actions","command":"migrate dev --name [redacted]","schema_providers":["mysql"],"schema_preview_features":[],"schema_generators_providers":["prisma-client-js"],"cache_file":"/home/REDACTED/.cache/checkpoint-nodejs/prisma-a595029d","cache_duration":43200000,"remind_duration":172800000,"force":false,"timeout":5000,"unref":true,"child_path":"/home/REDACTED/work/Backend/Backend/node_modules/prisma/build/child","client_event_id":"","previous_client_event_id":"","check_if_update_available":true} (dns block)
  • Triggering command: /usr/local/bin/node /home/REDACTED/work/Backend/Backend/node_modules/prisma/build/child {"product":"prisma","version":"6.14.0","cli_install_type":"local","information":"","local_timestamp":"2025-10-09T15:06:19Z","project_hash":"86700263","cli_path":"/home/REDACTED/work/Backend/Backend/node_modules/.bin/prisma","cli_path_hash":"a595029d","endpoint":"REDACTED","disable":false,"arch":"x64","os":"linux","node_version":"v20.19.5","ci":true,"ci_name":"GitHub Actions","command":"generate","schema_providers":["mysql"],"schema_preview_features":[],"schema_generators_providers":["prisma-client-js"],"cache_file":"/home/REDACTED/.cache/checkpoint-nodejs/prisma-a595029d","cache_duration":43200000,"remind_duration":172800000,"force":false,"timeout":5000,"unref":true,"child_path":"/home/REDACTED/work/Backend/Backend/node_modules/prisma/build/child","client_event_id":"","previous_client_event_id":"","check_if_update_available":true} (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>✨ Feature Request: Advanced Tag-Based Post Filtering with Multi-Tag & Comment Controls</issue_title>
<issue_description>📝 Epic: Tag-Based Post Filtering & Guest Restrictions

This epic covers a set of related features to improve post discovery and interaction through tag filtering, multi-tag selection, comment controls, and guest fetch limits.

It is broken down into smaller issues so they can be implemented and reviewed independently.</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #13

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull Request Overview

This PR implements advanced tag-based post filtering with multi-tag support, comment controls, and guest user restrictions. The changes enable more sophisticated content discovery through AND/OR tag filtering logic, allow post authors to disable comments on their posts, and provide optional limits on content visibility for unauthenticated users.

Key Changes:

• Added multi-tag filtering endpoint (GET /api/tags/posts) with configurable AND/OR logic modes
• Implemented commentsEnabled field on posts with validation checks preventing comments on disabled posts
• Added guest user restrictions via environment variables (GUEST_POST_LIMIT, GUEST_COMMENT_LIMIT)

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
services/tag.service.js	Added getPostsByMultipleTags function and guest post limits to existing tag queries
services/post.service.js	Added commentsEnabled parameter to post creation and guest post limits to queries
services/interaction.service.js	Added comment enabled validation and guest comment limits
routes/tag.routes.js	Added new multi-tag filtering route
routes/interaction.routes.js	Changed comment fetching route to use optional authentication
prisma/schema.prisma	Added commentsEnabled boolean field to Post model
controllers/tag.controller.js	Implemented multi-tag filtering controller with validation
controllers/post.controller.js	Added commentsEnabled support to create and update operations
controllers/interaction.controller.js	Added disabled comments error handling and optional auth support
README.md	Documented new endpoints, fields, and environment variables

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

The fallback value ?? true is unnecessary since the database field has a default value of true. This fallback should only be used if dealing with legacy data that might have null values. If all posts are guaranteed to have this field set, remove the nullish coalescing to simplify the code.

Suggested change

	commentsEnabled: post.commentsEnabled ?? true,
	commentsEnabled: post.commentsEnabled,

[Copilot]

The fallback value ?? true is unnecessary since the database field has a default value of true. This fallback should only be used if dealing with legacy data that might have null values. If all posts are guaranteed to have this field set, remove the nullish coalescing to simplify the code.

Suggested change

	commentsEnabled: post.commentsEnabled ?? true,
	commentsEnabled: post.commentsEnabled,

[Copilot]

The fallback value ?? true is unnecessary since the database field has a default value of true. This fallback should only be used if dealing with legacy data that might have null values. If all posts are guaranteed to have this field set, remove the nullish coalescing to simplify the code.

Suggested change

	commentsEnabled: post.commentsEnabled ?? true,
	commentsEnabled: post.commentsEnabled,