|
|
10d126ee12
|
docs: add systematic optimization plan (P1-P2)
|
2026-04-03 21:08:18 +08:00 |
|
|
|
765a50b7d4
|
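fix: production security fixes + Go SDK + CAS SSO framework
Security fixes:
- CRITICAL: SSO redirect URL injection vulnerability - fix redirect_uri whitelist validation
- HIGH: SSO ClientSecret not verified - verify using crypto/subtle.ConstantTimeCompare
- HIGH: Email verification code entropy too low (3 bytes) - raised to 6 bytes (48 bits of entropy)
- HIGH: SMS verification code entropy too low (4 bytes) - raised to 6 bytes
- HIGH: Goroutine uses a cancelled context - auth_email.go uses an independent context + timeout
- HIGH: SQL LIKE query injection risk - permission/role repositories use escapeLikePattern
New features:
- Go SDK: sdk/go/user-management/ full SDK implementation
- CAS SSO framework: internal/auth/cas.go CAS protocol support
Other:
- L1Cache instance issue fix - AuthMiddleware shares l1Cache
- Device fingerprint XSS protection - in-memory storage replaces localStorage
- Response format protocol middleware
- Export unbounded query fix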
|
2026-04-03 17:38:31 +08:00 |
|
|
|
44e60be918
|
docs: add comprehensive project review report (merged version)
|
2026-04-02 13:59:27 +08:00 |
|
|
|
1cba56ea85
|
chore: add remaining files and cleanup
|
2026-04-02 11:48:04 +08:00 |
|
|
|
bbeeb63dfa
|
docs: project docs, scripts, deployment configs, and evidence
|
2026-04-02 11:22:17 +08:00 |
|
|
|
4718980ab5
|
feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs
|
2026-04-02 11:20:20 +08:00 |
|
|
|
dcc1f186f8
|
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
|
2026-04-02 11:19:50 +08:00 |
|
|
|
e59a77bc49
|
Initial commit
|
2026-04-02 03:01:14 +00:00 |
|