Files

long-agent 0795e126cc fix: resolve P0 security issues per governance baseline

P0-01: LIKE injection fix in device.go (2 locations)
- Added escapeLikePattern() to prevent LIKE pattern manipulation

P0-03: Token refresh blacklist fail-closed
- RefreshToken() now returns error if cache.Set fails
- Prevents token double-spend on cache failures

P0-05: CORS dangerous default configuration
- Default changed to empty origins, credentials off
- init() panics if default config is dangerous

P0-06: UpdateUser IDOR vulnerability fix
- Added authorization check (self-or-admin)
- Prevents unauthorized user profile modification

Also: Fixed frontend lint errors in device-fingerprint.test.ts and http/index.test.ts

All 518 frontend tests pass, all backend tests pass.

2026-04-18 09:32:54 +08:00

public

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

scripts

test: update playwright script and fix jsdom alert mock

2026-04-11 23:03:04 +08:00

src

fix: resolve P0 security issues per governance baseline

2026-04-18 09:32:54 +08:00

.env.development

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

.env.example

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

.env.production

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

.gitignore

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

eslint.config.js

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

index.html

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

package-lock.json

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

package.json

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

README.md

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

TEST_PLAN.md

docs: update TEST_PLAN.md with completed status

2026-04-18 07:48:19 +08:00

tsconfig.app.json

fix: exclude test files from tsconfig.app.json to resolve TS2304 build error

2026-04-11 23:45:43 +08:00

tsconfig.json

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

tsconfig.node.json

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

vite.config.js

feat: admin frontend - React + Vite, auth pages, user management, roles, permissions, webhooks, devices, logs

2026-04-02 11:20:20 +08:00

vitest.config.js

chore: 完善 Docker 部署配置并修复测试超时

2026-04-08 22:13:46 +08:00

README.md

React + TypeScript + Vite

This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.

Currently, two official plugins are available:

@vitejs/plugin-react uses Oxc
@vitejs/plugin-react-swc uses SWC

React Compiler

The React Compiler is not enabled on this template because of its impact on dev & build performances. To add it, see this documentation.

Expanding the ESLint configuration

If you are developing a production application, we recommend updating the configuration to enable type-aware lint rules:

export default defineConfig([
  globalIgnores(['dist']),
  {
    files: ['**/*.{ts,tsx}'],
    extends: [
      // Other configs...

      // Remove tseslint.configs.recommended and replace with this
      tseslint.configs.recommendedTypeChecked,
      // Alternatively, use this for stricter rules
      tseslint.configs.strictTypeChecked,
      // Optionally, add this for stylistic rules
      tseslint.configs.stylisticTypeChecked,

      // Other configs...
    ],
    languageOptions: {
      parserOptions: {
        project: ['./tsconfig.node.json', './tsconfig.app.json'],
        tsconfigRootDir: import.meta.dirname,
      },
      // other options...
    },
  },
])

You can also install eslint-plugin-react-x and eslint-plugin-react-dom for React-specific lint rules:

// eslint.config.js
import reactX from 'eslint-plugin-react-x'
import reactDom from 'eslint-plugin-react-dom'

export default defineConfig([
  globalIgnores(['dist']),
  {
    files: ['**/*.{ts,tsx}'],
    extends: [
      // Other configs...
      // Enable lint rules for React
      reactX.configs['recommended-typescript'],
      // Enable lint rules for React DOM
      reactDom.configs.recommended,
    ],
    languageOptions: {
      parserOptions: {
        project: ['./tsconfig.node.json', './tsconfig.app.json'],
        tsconfigRootDir: import.meta.dirname,
      },
      // other options...
    },
  },
])