Your Name
ad776e4079
fix: P0/P1 security fixes across gateway, token-runtime, and supply-api
...
P0 fixes:
- platform-token-runtime: Add store.Save() after Refresh token update (P0-3)
- platform-token-runtime: Add sync.RWMutex to InMemoryRuntimeStore (P0-4)
- platform-token-runtime: Add bearer token auth to /audit-events endpoint (P0-5)
- gateway: Fail startup in production if PASSWORD_ENCRYPTION_KEY uses default (P0-1)
- gateway: Require explicit CORS_ALLOW_ORIGINS in production (P0-2)
P1 fixes:
- gateway: Add TrustedProxies config field + env var GATEWAY_TRUSTED_PROXIES (P1-5)
- gateway: Sanitize X-Request-ID header to prevent log injection (P1-6)
- gateway: Strip internal error details from error responses to clients (P1-7)
- supply-api: Upgrade deriveDEK from trivial byte-rotation to HKDF-SHA256 (P1-1)
- supply-api: Reject HS256/HS384/HS512 in production, require RSA (P1-2)
Code quality fixes:
- supply-api: Add BruteForceMaxAttempts + BruteForceLockoutDuration to AuthConfig (MED-12)
- supply-api: Add TrustedProxies to token_auth_middleware (IP spoofing protection)
- supply-api: Use shared pathutil.SplitPath instead of duplicate splitPath
- supply-api: Fix query_key_reject_middleware call sites with trustedProxies param
- gateway: Wire TrustedProxies into AuthMiddlewareConfig and extractClientIP
- gateway: Add CORSAllowOrigins to AuthConfig, wire into CORSMiddleware
- gateway: Fix CompletionsHandle to have context and RecordResult like ChatCompletions
- gateway: Add sanitizeRequestID helper for X-Request-ID log injection prevention
- gateway: Add os import for PASSWORD_ENCRYPTION_KEY check
- gateway: Add strings import to handler.go for sanitizeRequestID
Environment issues documented in TEST_ENVIRONMENT_ISSUES.md
2026-04-17 14:36:02 +08:00
Your Name
1776862768
refactor(supply-api): remove panic-only helper paths
...
Return explicit errors from AlertAPI construction instead of panicking inside the library layer, and let main own process-level failure handling.
Also delete the unused config.MustLoad helper and lock the supported config loading paths with tests.
2026-04-15 15:38:57 +08:00
Your Name
6d7ef661e6
feat(supply-api): persist audit alerts
2026-04-14 11:52:45 +08:00
Your Name
116eabf427
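refactor(httpapi): unify error code format
...
1. Create error_codes.go defining standardized error code constants
2. Replace all hard-coded error codes with constant references
3. Fix goroutines not being passed a context
Error code format:
- Generic HTTP-layer errors: SUP_HTTP_XXXX
- Business error codes: SUP_XXX_NNNN
Fixes:
- db_token_backend.go: goroutine uses ctx instead of context.Background()
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>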
2026-04-12 23:04:59 +08:00
Your Name
d5b5a8ece0
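fix: systematically fix security issues, performance issues, and error handling
...
Security fixes:
- X-Forwarded-For out-of-bounds check (auth.go)
- checkTokenStatus Context parameter passing (auth.go)
- Type assertion safety check (auth.go)
Performance fixes:
- TokenCache expiry cleanup mechanism
- BruteForceProtection expiry cleanup
- InMemoryIdempotencyStore expiry cleanup
Error handling fixes:
- AuditStore.Emit returns error
- emitAudit helper method in the domain layer
- List methods return an empty slice instead of nil
- Negative amount/price validation
Architectural consistency:
- Consistently use model.RoleHierarchyLevels
New features:
- Complete Alert API implementation (CRUD+Resolve)
- Centralized error code management in pkg/error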
2026-04-07 07:41:25 +08:00