%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    autonumber
    participant V as Visitor/User
    participant FE as Frontend
    participant BE as Backend API
    participant DB as Postgres

    Note over FE,BE: Public list (JWT optional personalizes reactions)
    FE->>BE: GET /api/v1/comments
    BE->>BE: JWTOptional
    BE->>DB: Query comments + aggregates
    DB-->>BE: Rows
    BE-->>FE: 200 OK [comments]

    rect rgba(220,255,220,0.2)
        Note over V,BE: Create/Edit/Delete comment (protected)
        FE->>BE: POST /api/v1/comments (RateLimit)
        BE->>BE: JWTAuth + CSRF
        BE->>DB: Insert Comment
        BE-->>FE: 201 Created
        FE->>BE: PUT /api/v1/comments/:id
        BE->>BE: JWTAuth + CSRF
        BE->>DB: Update Comment
        BE-->>FE: 200 OK
        FE->>BE: DELETE /api/v1/comments/:id
        BE->>BE: JWTAuth + CSRF
        BE->>DB: Delete Comment
        BE-->>FE: 204 No Content
    end

    rect rgba(220,220,255,0.2)
        Note over V,BE: Reactions & unban/report actions
        FE->>BE: POST /api/v1/comments/:id/react | DELETE /comments/:id/react
        BE->>BE: JWTAuth + RateLimit
        BE->>DB: Insert/Delete reaction
        BE-->>FE: 200 OK
        FE->>BE: POST /api/v1/comments/unban-request
        BE->>BE: JWTAuth + RateLimit
        BE->>DB: Insert UnbanRequest
        BE-->>FE: 200 OK
        FE->>BE: POST /api/v1/comments/:id/report
        BE->>BE: JWTAuth + RateLimit
        BE->>DB: Insert CommentReport
        BE-->>FE: 200 OK
    end

    rect rgba(255,240,220,0.2)
        Note over FE,BE: Admin moderation
        FE->>BE: GET /api/v1/admin/comments
        BE->>BE: JWTAuth + RoleAuth(admin)
        BE->>DB: List with filters
        BE-->>FE: 200 OK
        FE->>BE: PATCH /api/v1/admin/comments/:id/status
        BE->>DB: Update status
        BE-->>FE: 200 OK
        FE->>BE: POST /api/v1/admin/comments/ban
        BE->>DB: Insert CommentBan
        BE-->>FE: 200 OK
        FE->>BE: GET /api/v1/admin/comments/bans
        FE->>BE: POST /api/v1/admin/comments/bans/:id/lift
        FE->>BE: GET /api/v1/admin/comments/unban-requests
        FE->>BE: POST /api/v1/admin/comments/unban-requests/:id/resolve
    end