long-agent/user-system
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
36 Commits 3 Branches 0 Tags
c2096ff008f0acf2e08eef14556a801e5cfdc4b9
Commit Graph

7 Commits

Author SHA1 Message Date
long-agent
c2096ff008 fix: wrap AssignRoles in transaction and eliminate N+1 queries 
- AssignRoles: wrap DeleteByUserID + BatchCreate in DB transaction (P1)
- GetUserRoles: use GetByIDs batch query instead of per-role GetByID loop (N+1 fix)
- ListAdmins: use GetByIDs batch query instead of per-user GetByID loop (N+1 fix)
- Add WithTx/DB methods to UserRoleRepository for transaction support
- Add GetByIDs to UserRepository (batch user lookup)
- Add .gitattributes to normalize line endings to LF (P2)
 2026-04-11 10:32:33 +08:00
long-agent
8c1cf54213 fix: resolve P0 stub/false-positive issues found in SENIOR_DEV_REVIEW audit 
- Remove dead stub UploadAvatar in user_handler.go (real impl in avatar_handler.go)
- Fix GetAuthCapabilities to call service (was returning hardcoded static JSON, missing admin_bootstrap_required)
- Replace AdminRoleID=1 hardcoded constant with getAdminRoleID(ctx) dynamic lookup by code="admin"
- Fix double Argon2id hash computation in ChangePassword (hash once, reuse)
- Add PredefinedRoles seed to newIsolatedDB test infrastructure (fixes broken ADMIN_* tests)
 2026-04-11 10:27:29 +08:00
long-agent
dbff591039 fix: update admin flows and review report 2026-04-10 08:09:48 +08:00
long-agent
12a5be9826 fix: suppress gosec G115/G118 false positive warnings 
- G115 (integer overflow): Added nosec comments for safe type conversions
  where values are bounded by design (e.g., rng.Intn(255) returns 0-254)
- G118 (context.Background): Added nosec for intentional async goroutines
  that use WithTimeout for bounded execution after request completes

Note: G101 (hardcoded credentials) warnings are low-confidence false
positives - OAuth fields use getEnv() to read from environment.
 2026-04-08 22:50:42 +08:00
long-agent
a85d822419 fix: 统一API响应格式并修复前端测试 
- 所有Handler方法使用标准{code:0,message:"success",data:...}响应格式
- 修复Cursor分页响应包装(GetAllDevices,GetLoginLogs,ListUsers等)
- 修复AuthHandler和SMSHandler认证方法响应格式
- 修复operation_log.go admin用户operation_type前缀问题
- 修复DashboardPage嵌套stats结构
- 修复LoginLogsPage reset功能stale closure问题
- 修复UsersPage批量操作API调用
- 修复多个前端测试(mock格式、按钮选择、断言逻辑)
- 添加OAuth测试域名白名单
- 新增代码审查流程文档
 2026-04-08 20:06:54 +08:00
long-agent
5ca3633be4 feat: 系统全面优化 - 设备管理/登录日志导出/性能监控/设置页面 
后端:
- 新增全局设备管理 API(DeviceHandler.GetAllDevices)
- 新增登录日志导出功能(LogHandler.ExportLoginLogs, CSV/XLSX)
- 新增设置服务(SettingsService)和设置页面 API
- 设备管理支持多条件筛选(状态/信任状态/关键词)
- 登录日志支持流式导出防 OOM
- 操作日志支持按方法/时间范围搜索
- 主题配置服务(ThemeService)
- 增强监控健康检查(Prometheus metrics + SLO)
- 移除旧 ratelimit.go(已迁移至 robustness)
- 修复 SocialAccount NULL 扫描问题
- 新增 API 契约测试、Handler 测试、Settings 测试

前端:
- 新增管理员设备管理页面(DevicesPage)
- 新增管理员登录日志导出功能
- 新增系统设置页面(SettingsPage)
- 设备管理支持筛选和分页
- 增强 HTTP 响应类型

测试:
- 业务逻辑测试 68 个(含并发 CONC_001~003)
- 规模测试 16 个(P99 百分位统计)
- E2E 测试、集成测试、契约测试
- 性能基准测试、鲁棒性测试

全面测试通过(38 个测试包)
 2026-04-07 12:08:16 +08:00
long-agent
dcc1f186f8 feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers 2026-04-02 11:19:50 +08:00