fix(portal): restrict similar posts to public boards#32

Open
BunsDev wants to merge 1 commit into
mainfrom
codex/fix-vulnerability-exposing-private-post-metadata

Conversation

@BunsDev
Member

@BunsDev BunsDev commented Jun 5, 2026

Motivation

  • The public SimilarPostsSection called an unauthenticated findSimilarPostsFn that queried posts without requiring the parent board to be public, which could expose private-board post metadata on public post pages.
  • The intent is to prevent information disclosure by ensuring similar-posts results only reference posts from public boards.

Description

  • Updated apps/web/src/lib/server/functions/public-posts.ts in findSimilarPostsFn to import eq and join boards in the full-text search path and require eq(boards.isPublic, true) before returning matches.
  • Applied the same innerJoin(boards, eq(posts.boardId, boards.id)) + eq(boards.isPublic, true) guard to the vector-search path so both search branches are constrained to public boards.
  • Added the public-board filter when resolving board slugs for matched posts by changing the boards lookup to where(and(inArray(boards.id, boardIds), eq(boards.isPublic, true))).

Testing

  • Ran git diff --check to validate that there are no whitespace/format issues; it passed.
  • Ran typecheck with bun run typecheck, which could not complete in this environment because project dependencies/type definitions are not installed, producing missing @testing-library/jest-dom and bun type definition errors.

Codex Task

Copilot AI review requested due to automatic review settings June 5, 2026 23:49

Copilot AI left a comment

Pull request overview

This PR closes an information-disclosure gap in the public findSimilarPostsFn by ensuring “similar posts” results only come from posts whose parent board is public, preventing private-board post metadata from appearing on public post pages.

Changes:

  • Added boards joins + eq(boards.isPublic, true) guard to the full-text search query branch.
  • Applied the same public-board constraint to the vector-search query branch.
  • Filtered the board-slug lookup to public boards when hydrating result metadata.
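The fix described in the PR description and summarised again in the review above, as an added example that is not part of the PR or the repository: an in-memory TypeScript model of findSimilarPostsFn's two search branches and its board-slug hydration step, with the pre-fix and post-fix behaviour side by side. The table shapes, sample rows, scoring functions and every function name other than findSimilarPostsFn are constructed for the illustration; the innerJoin/eq/and/inArray query-builder calls quoted in the PR are mirrored here as plain array filters.

```typescript
// Added example (not code from the PR or the repository): an in-memory model of
// findSimilarPostsFn's two search branches and its board-slug hydration step,
// showing the public-board guard the PR adds at each of the three points.
// Table shapes, sample rows and the scoring functions are constructed here.

interface Board { id: number; slug: string; isPublic: boolean }
interface Post { id: number; boardId: number; title: string; embedding: number[] }
interface SimilarPost { id: number; title: string; boardSlug: string }
interface Query { query: string; embedding?: number[]; excludePostId: number; limit?: number }

// Constructed rows standing in for the boards and posts tables.
const boards: Board[] = [
  { id: 1, slug: "feature-requests", isPublic: true },
  { id: 2, slug: "internal-roadmap", isPublic: false },
];
const posts: Post[] = [
  { id: 10, boardId: 1, title: "Dark mode for the dashboard", embedding: [1, 0, 0] },
  { id: 11, boardId: 2, title: "Dark mode rollout plan", embedding: [0.9, 0.1, 0] },
  { id: 12, boardId: 1, title: "Dark mode for mobile app", embedding: [0.8, 0, 0.2] },
  { id: 13, boardId: 1, title: "Export data to CSV", embedding: [0, 1, 0] },
];

// Stand-in for the full-text branch: count of query terms present in the title.
function textScore(query: string, title: string): number {
  const words = new Set(title.toLowerCase().split(/\W+/));
  return query.toLowerCase().split(/\W+/).filter((w) => w && words.has(w)).length;
}

// Stand-in for the vector branch: cosine similarity of two embeddings.
function cosine(a: number[], b: number[]): number {
  let dot = 0, na = 0, nb = 0;
  for (let i = 0; i < a.length; i++) {
    dot += a[i] * b[i]; na += a[i] * a[i]; nb += b[i] * b[i];
  }
  return na && nb ? dot / Math.sqrt(na * nb) : 0;
}

// The guard the PR adds to both branches, i.e. the equivalent of
// innerJoin(boards, eq(posts.boardId, boards.id)) with eq(boards.isPublic, true).
function inPublicBoard(post: Post): boolean {
  return boards.some((b) => b.id === post.boardId && b.isPublic);
}

// Shared ranking: the vector branch when an embedding is supplied, the
// full-text branch otherwise. It only ever sees the candidate set it is given,
// so the access restriction has to be applied before this point in every branch.
function rankCandidates(q: Query, candidates: Post[]): Post[] {
  return candidates
    .filter((p) => p.id !== q.excludePostId)
    .map((p) => ({ p, s: q.embedding ? cosine(q.embedding, p.embedding) : textScore(q.query, p.title) }))
    .filter(({ s }) => s > 0)
    .sort((x, y) => y.s - x.s)
    .slice(0, q.limit ?? 5)
    .map(({ p }) => p);
}

// Board-slug hydration. With publicOnly it mirrors the PR's
// where(and(inArray(boards.id, boardIds), eq(boards.isPublic, true))).
// A matched post whose board fails the filter is dropped, not emitted without a slug.
function hydrate(matched: Post[], publicOnly: boolean): SimilarPost[] {
  const boardIds = new Set(matched.map((p) => p.boardId));
  const slugById = new Map(
    boards
      .filter((b) => boardIds.has(b.id) && (!publicOnly || b.isPublic))
      .map((b) => [b.id, b.slug] as const),
  );
  return matched.flatMap((p) => {
    const boardSlug = slugById.get(p.boardId);
    return boardSlug ? [{ id: p.id, title: p.title, boardSlug }] : [];
  });
}

// Before the fix: candidates come straight from the posts table, so a post on a
// private board can rank as "similar" and leak its title and board slug.
function findSimilarPostsBefore(q: Query): SimilarPost[] {
  return hydrate(rankCandidates(q, posts), false);
}

// After the fix: each branch only ranks posts joined to a public board, and the
// slug lookup applies the same filter as a second line of defence.
function findSimilarPostsFixed(q: Query): SimilarPost[] {
  return hydrate(rankCandidates(q, posts.filter(inPublicBoard)), true);
}
```

Running both variants with the query "dark mode" (or the embedding [1, 0, 0]) against post 10 shows the difference: the pre-fix function returns the private-board post 11 with its internal-roadmap slug ahead of the public post 12, while the fixed function returns only post 12. The filter on the slug lookup is worth keeping even though the join already excludes private posts: if a future search branch is added without the join, the hydration step still drops the row instead of exposing its title.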


@BunsDev BunsDev self-assigned this Jun 6, 2026