lijiaoqiao

Author	SHA1	Message	Date
Your Name	2e0f6e29aa	fix(supply-api): restore uncached build health	2026-04-17 16:20:34 +08:00
Your Name	ad776e4079	fix: P0/P1 security fixes across gateway, token-runtime, and supply-api P0 fixes: - platform-token-runtime: Add store.Save() after Refresh token update (P0-3) - platform-token-runtime: Add sync.RWMutex to InMemoryRuntimeStore (P0-4) - platform-token-runtime: Add bearer token auth to /audit-events endpoint (P0-5) - gateway: Fail startup in production if PASSWORD_ENCRYPTION_KEY uses default (P0-1) - gateway: Require explicit CORS_ALLOW_ORIGINS in production (P0-2) P1 fixes: - gateway: Add TrustedProxies config field + env var GATEWAY_TRUSTED_PROXIES (P1-5) - gateway: Sanitize X-Request-ID header to prevent log injection (P1-6) - gateway: Strip internal error details from error responses to clients (P1-7) - supply-api: Upgrade deriveDEK from trivial byte-rotation to HKDF-SHA256 (P1-1) - supply-api: Reject HS256/HS384/HS512 in production, require RSA (P1-2) Code quality fixes: - supply-api: Add BruteForceMaxAttempts + BruteForceLockoutDuration to AuthConfig (MED-12) - supply-api: Add TrustedProxies to token_auth_middleware (IP spoofing protection) - supply-api: Use shared pathutil.SplitPath instead of duplicate splitPath - supply-api: Fix query_key_reject_middleware call sites with trustedProxies param - gateway: Wire TrustedProxies into AuthMiddlewareConfig and extractClientIP - gateway: Add CORSAllowOrigins to AuthConfig, wire into CORSMiddleware - gateway: Fix CompletionsHandle to have context and RecordResult like ChatCompletions - gateway: Add sanitizeRequestID helper for X-Request-ID log injection prevention - gateway: Add os import for PASSWORD_ENCRYPTION_KEY check - gateway: Add strings import to handler.go for sanitizeRequestID Environment issues documented in TEST_ENVIRONMENT_ISSUES.md	2026-04-17 14:36:02 +08:00
Your Name	f34333dc09	fix: 修复代码审查中发现的P0/P1/P2问题修复内容： 1. P0-01/P0-02: IAM Handler硬编码userID=1问题 - getUserIDFromContext现在从认证中间件的context获取真实userID - 添加middleware.GetOperatorID公开函数 - CheckScope方法添加未认证检查 2. P1-01: 审计服务幂等竞态条件 - 重构锁保护范围，整个检查和插入过程在锁保护下 - 使用defer确保锁正确释放 3. P1-02: 幂等中间件响应码硬编码 - 添加statusCapturingResponseWriter包装器 - 捕获实际的状态码和响应体用于幂等记录 4. P2-01: 事件ID时间戳冲突 - generateEventID改用UUID替代时间戳 5. P2-02: ListScopes硬编码 - 使用model.PredefinedScopes替代硬编码列表所有supply-api测试通过	2026-04-03 12:25:22 +08:00
Your Name	f9fc984e5c	test(iam): 使用TDD方法补充IAM模块测试覆盖 - 创建完整的IAM Service测试文件 (iam_service_real_test.go) - 测试真实 DefaultIAMService 而非 mock - 覆盖 CreateRole, GetRole, UpdateRole, DeleteRole, ListRoles - 覆盖 AssignRole, RevokeRole, GetUserRoles - 覆盖 CheckScope, GetUserScopes, IsExpired - 创建完整的IAM Handler测试文件 (iam_handler_real_test.go) - 测试真实 IAMHandler 使用 httptest - 覆盖路由处理器方法 (handleRoles, handleRoleByCode等) - 覆盖 CreateRole, GetRole, ListRoles, UpdateRole, DeleteRole - 覆盖 AssignRole, RevokeRole, GetUserRoles, CheckScope, ListScopes - 覆盖辅助函数和中间件 - 修复原有代码bug - extractUserID: 修正索引从parts[3]到parts[4] - extractRoleCodeFromUserPath: 修正索引从parts[5]到parts[6] - 修复多余的空格导致的语法问题测试覆盖率: - IAM Handler: 0% -> 85.9% - IAM Service: 0% -> 99.0%	2026-04-03 07:59:12 +08:00
Your Name	89104bd0db	feat(P1/P2): 完成TDD开发及P1/P2设计文档 ## 设计文档 - multi_role_permission_design: 多角色权限设计 (CONDITIONAL GO) - audit_log_enhancement_design: 审计日志增强 (CONDITIONAL GO) - routing_strategy_template_design: 路由策略模板 (CONDITIONAL GO) - sso_saml_technical_research: SSO/SAML调研 (CONDITIONAL GO) - compliance_capability_package_design: 合规能力包设计 (CONDITIONAL GO) ## TDD开发成果 - IAM模块: supply-api/internal/iam/ (111个测试) - 审计日志模块: supply-api/internal/audit/ (40+测试) - 路由策略模块: gateway/internal/router/ (33+测试) - 合规能力包: gateway/internal/compliance/ + scripts/ci/compliance/ ## 规范文档 - parallel_agent_output_quality_standards: 并行Agent产出质量规范 - project_experience_summary: 项目经验总结 (v2) - 2026-04-02-p1-p2-tdd-execution-plan: TDD执行计划 ## 评审报告 - 5个CONDITIONAL GO设计文档评审报告 - fix_verification_report: 修复验证报告 - full_verification_report: 全面质量验证报告 - tdd_module_quality_verification: TDD模块质量验证 - tdd_execution_summary: TDD执行总结依据: Superpowers执行框架 + TDD规范	2026-04-02 23:35:53 +08:00

5 Commits