user-system

long-agent/user-system

Fork 0

Commit Graph

Author	SHA1	Message	Date
long-agent	12a5be9826	fix: suppress gosec G115/G118 false positive warnings - G115 (integer overflow): Added nosec comments for safe type conversions where values are bounded by design (e.g., rng.Intn(255) returns 0-254) - G118 (context.Background): Added nosec for intentional async goroutines that use WithTimeout for bounded execution after request completes Note: G101 (hardcoded credentials) warnings are low-confidence false positives - OAuth fields use getEnv() to read from environment.	2026-04-08 22:50:42 +08:00
long-agent	3ae11237ab	fix: P1/P2 优化 - OAuth验证 + API响应 + 缓存击穿 + Webhook关闭 P1 - OAuth auth_url origin 验证: - 添加 validateOAuthUrl() 函数验证 OAuth URL origin - 仅允许同源或可信 OAuth 提供商 - LoginPage 和 ProfileSecurityPage 调用前验证 P2 - API 响应运行时类型验证: - 添加 isApiResponse() 运行时验证函数 - parseJsonResponse 验证响应结构完整性 P2 - 缓存击穿防护 (singleflight): - AuthMiddleware.isJTIBlacklisted 使用 singleflight.Group - 防止 L1 miss 时并发请求同时打 L2 P2 - Webhook 服务优雅关闭: - WebhookService 添加 Shutdown() 方法 - 服务器关闭时等待 worker 完成 - main.go 集成 shutdown 调用	2026-04-03 21:50:51 +08:00
long-agent	dcc1f186f8	feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers	2026-04-02 11:19:50 +08:00

Author

SHA1

Message

Date

long-agent

12a5be9826

fix: suppress gosec G115/G118 false positive warnings

- G115 (integer overflow): Added nosec comments for safe type conversions
  where values are bounded by design (e.g., rng.Intn(255) returns 0-254)
- G118 (context.Background): Added nosec for intentional async goroutines
  that use WithTimeout for bounded execution after request completes

Note: G101 (hardcoded credentials) warnings are low-confidence false
positives - OAuth fields use getEnv() to read from environment.

2026-04-08 22:50:42 +08:00

long-agent

3ae11237ab

fix: P1/P2 优化 - OAuth验证 + API响应 + 缓存击穿 + Webhook关闭

P1 - OAuth auth_url origin 验证:
- 添加 validateOAuthUrl() 函数验证 OAuth URL origin
- 仅允许同源或可信 OAuth 提供商
- LoginPage 和 ProfileSecurityPage 调用前验证

P2 - API 响应运行时类型验证:
- 添加 isApiResponse() 运行时验证函数
- parseJsonResponse 验证响应结构完整性

P2 - 缓存击穿防护 (singleflight):
- AuthMiddleware.isJTIBlacklisted 使用 singleflight.Group
- 防止 L1 miss 时并发请求同时打 L2

P2 - Webhook 服务优雅关闭:
- WebhookService 添加 Shutdown() 方法
- 服务器关闭时等待 worker 完成
- main.go 集成 shutdown 调用

2026-04-03 21:50:51 +08:00

long-agent

dcc1f186f8

feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

2026-04-02 11:19:50 +08:00

3 Commits