feat: support anonymous replies (storage + masking + tests) #37

[JoshuaNam]

Changes (Issue #29 + #6)

• Added backend support for marking replies/posts as anonymous
• Persisted anonymous flag (0/1) on posts in the database
• Masked poster identity for non-admin users (uid set to 0, username/display name set to "Anonymous", generic avatar)
• Preserved real author visibility for admins and exposed isAnonymous=true flag
• Ensured non-anonymous posts are unaffected
• Added unit tests covering storage, API masking, admin visibility, topic-level masking, and regression cases

Testing

1. Run the full backend test suite:
   npm run lint
   npm run test

2. Verify:

• Anonymous posts store anonymous=1
• Regular users see masked identity (uid=0, username "Anonymous")
• Admins see real author with isAnonymous=true
• Non-anonymous posts behave normally

4. Confirm all existing tests pass with no regressions

Related Issues

Resolves #6
Resolves #29

[coveralls]

Pull Request Test Coverage Report for Build 22021919621

Details

• 19 of 19 (100.0%) changed or added relevant lines in 5 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.02%) to 78.901%

---

Totals
Change from base Build 21973002465:	0.02%
Covered Lines:	25409
Relevant Lines:	30378

---

💛 - Coveralls

[cirex-web]

hmm the auto-deployment doesn't seem to be working... maybe u need to make a branch in this repo instead of in your fork?

[JoshuaNam]

Hmm alright, I'll make the changes and let you know.

[cirex-web]

why add another anonymous field here?

[JoshuaNam]

Good catch... you're right, isAnonymous is redundant. Admins already have post.anonymous === 1 available directly and no frontend template or client-side JS actually reads isAnonymous. I've removed it from summary.js, topics/posts.js, and api/posts.js and updated the tests to assert on post.anonymous instead.

[cirex-web]

code changes make sense, pretty good

why is anonymous of type number instead of boolean here?

[JoshuaNam]

this is the convention that the other components use

[cirex-web]

which (existing) components?

[JoshuaNam]

This follows the existing NodeBB convention for DB-persisted boolean flags. Specifically: deleted, edited, and uid in PostDataObject (same file, lines 215/227), locked/pinned/scheduled in TopicObject.yaml, and banned/email:confirmed in UserObject.yaml all use type: number with 0/1 values. Since anonymous is stored as 0/1 in the DB and returned as-is (not converted to a boolean in processing code), type: number is consistent here.

[cirex-web]

fair enough

[cirex-web]

where is this code being used in the frontend btw? I see it's being used for the /api/v3/posts/:pid endpoint (see src/routes/write/posts.js), but I can't find the frontend code that calls this endpoint

[JoshuaNam]

You're right that the frontend doesn't call /api/v3/posts/:pid directly for this. The masking in postsAPI.get() works for single-post fetches, but I found a gap: postsAPI.getReplies() (used by the "Show Replies" button via public/src/client/topic/replies.js:17) doesn't apply any anonymous masking. I've fixed this by extracting a shared Posts.anonymizePost() helper and applying it in getReplies() as well, so anonymous authors are masked consistently across all paths.

[cirex-web]

yea that's actualy good