lijiaoqiao/platform-token-runtime
Your Name ad776e4079 fix: P0/P1 security fixes across gateway, token-runtime, and supply-api
P0 fixes:
- platform-token-runtime: Add store.Save() after Refresh token update (P0-3)
- platform-token-runtime: Add sync.RWMutex to InMemoryRuntimeStore (P0-4)
- platform-token-runtime: Add bearer token auth to /audit-events endpoint (P0-5)
- gateway: Fail startup in production if PASSWORD_ENCRYPTION_KEY uses default (P0-1)
- gateway: Require explicit CORS_ALLOW_ORIGINS in production (P0-2)

P1 fixes:
- gateway: Add TrustedProxies config field + env var GATEWAY_TRUSTED_PROXIES (P1-5)
- gateway: Sanitize X-Request-ID header to prevent log injection (P1-6)
- gateway: Strip internal error details from error responses to clients (P1-7)
- supply-api: Upgrade deriveDEK from trivial byte-rotation to HKDF-SHA256 (P1-1)
- supply-api: Reject HS256/HS384/HS512 in production, require RSA (P1-2)

Code quality fixes:
- supply-api: Add BruteForceMaxAttempts + BruteForceLockoutDuration to AuthConfig (MED-12)
- supply-api: Add TrustedProxies to token_auth_middleware (IP spoofing protection)
- supply-api: Use shared pathutil.SplitPath instead of duplicate splitPath
- supply-api: Fix query_key_reject_middleware call sites with trustedProxies param
- gateway: Wire TrustedProxies into AuthMiddlewareConfig and extractClientIP
- gateway: Add CORSAllowOrigins to AuthConfig, wire into CORSMiddleware
- gateway: Fix CompletionsHandle to have context and RecordResult like ChatCompletions
- gateway: Add sanitizeRequestID helper for X-Request-ID log injection prevention
- gateway: Add os import for PASSWORD_ENCRYPTION_KEY check
- gateway: Add strings import to handler.go for sanitizeRequestID

Environment issues documented in TEST_ENVIRONMENT_ISSUES.md
2026-04-17 14:36:02 +08:00

Platform Token Runtime

Token lifecycle, introspection and audit-event query service.

Current state

  • The service entry point is cmd/platform-token-runtime/main.go; assembly logic is consolidated in internal/app/bootstrap.go.
  • Endpoints currently available: issue, refresh, revoke, introspect and audit-events.
  • When TOKEN_RUNTIME_ENV=dev and no store is injected explicitly, bootstrap automatically uses the in-memory runtime store and the in-memory audit store.
  • When TOKEN_RUNTIME_ENV=staging or TOKEN_RUNTIME_ENV=prod, a runtime store and an audit store must be injected explicitly. The repository does not yet provide a persistent store, so in these two environments the service fails fast instead of pretending to be deployable.
  • audit-events always keeps the semantics of a queryable endpoint: the default in-memory audit store returns real events, and a custom emitter that offers no query capability returns an empty result rather than a 501 placeholder response. An empty result alone therefore does not prove the audit path is wired up; check which emitter bootstrap actually assembled.
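The environment rule in the list above (dev falls back to in-memory stores, staging and prod refuse to start without explicitly injected stores), written out as an added example. This is illustration code, not the project's bootstrap.go; the RuntimeStore/AuditStore interfaces, the Options struct and the treatment of an empty TOKEN_RUNTIME_ENV as dev are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// RuntimeStore and AuditStore are hypothetical minimal interfaces standing in
// for the project's own store types (names assumed for this example).
type RuntimeStore interface {
	Save(id string, rec map[string]string) error
}

type AuditStore interface {
	Append(event string) error
}

// memRuntimeStore / memAuditStore are the in-memory fallbacks dev is allowed to use.
type memRuntimeStore struct{ recs map[string]map[string]string }

func (m *memRuntimeStore) Save(id string, rec map[string]string) error {
	m.recs[id] = rec
	return nil
}

type memAuditStore struct{ events []string }

func (m *memAuditStore) Append(e string) error {
	m.events = append(m.events, e)
	return nil
}

// Options carries the environment name plus whatever stores an operator injected.
type Options struct {
	Env          string
	RuntimeStore RuntimeStore
	AuditStore   AuditStore
}

var ErrStoreRequired = errors.New("staging/prod require an explicitly injected runtime store and audit store")

// Assemble applies the bootstrap rule: dev falls back to in-memory stores,
// staging/prod fail fast when either store is missing, and any other
// environment value is rejected outright rather than silently treated as dev.
func Assemble(o Options) (RuntimeStore, AuditStore, error) {
	switch o.Env {
	case "dev":
		if o.RuntimeStore == nil {
			o.RuntimeStore = &memRuntimeStore{recs: map[string]map[string]string{}}
		}
		if o.AuditStore == nil {
			o.AuditStore = &memAuditStore{}
		}
		return o.RuntimeStore, o.AuditStore, nil
	case "staging", "prod":
		if o.RuntimeStore == nil || o.AuditStore == nil {
			return nil, nil, fmt.Errorf("env %q: %w", o.Env, ErrStoreRequired)
		}
		return o.RuntimeStore, o.AuditStore, nil
	default:
		return nil, nil, fmt.Errorf("unknown TOKEN_RUNTIME_ENV %q", o.Env)
	}
}

func main() {
	env := os.Getenv("TOKEN_RUNTIME_ENV")
	if env == "" {
		env = "dev" // assumption for this example: unset means dev
	}
	// No stores injected here, so staging/prod exit non-zero by design.
	if _, _, err := Assemble(Options{Env: env}); err != nil {
		fmt.Fprintln(os.Stderr, "bootstrap:", err)
		os.Exit(1)
	}
	fmt.Println("bootstrap ok for env", env)
}
```

Run it with TOKEN_RUNTIME_ENV=prod and it exits non-zero with the ErrStoreRequired message; with dev it starts with the memory stores.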

Design boundaries

  1. Only Authorization: Bearer <token> is accepted inbound.
  2. External query keys (key, api_key, token) are always rejected.
  3. Access token plaintext is never emitted in any response or audit field.
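The three boundaries above, enforced in one inbound check, as an added example rather than the project's own httpapi code. Query credentials are rejected before the header is even looked at (so a request carrying both does not get a free pass), only the Bearer scheme is accepted, and what reaches logs and downstream audit fields is a SHA-256 fingerprint of the token, never the token. The Decision type, the X-Token-Fingerprint header name and the sample token are assumptions made for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// forbiddenQueryKeys are the credential-bearing query parameters the service
// refuses regardless of what the Authorization header contains.
var forbiddenQueryKeys = []string{"key", "api_key", "token"}

// Decision is what the check records. It never carries the token itself,
// only a fingerprint safe to put into audit fields and logs.
type Decision struct {
	Status      int
	Reason      string
	Fingerprint string // hex prefix of sha256(token); empty when rejected
}

// Fingerprint derives a non-reversible identifier for audit output.
func Fingerprint(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])[:16]
}

// Inspect applies the boundaries in order: query keys rejected first, then the
// Authorization header must be "Bearer <token>" (scheme compared case-insensitively).
func Inspect(r *http.Request) Decision {
	q := r.URL.Query()
	for _, k := range forbiddenQueryKeys {
		if _, present := q[k]; present {
			return Decision{Status: http.StatusBadRequest, Reason: "credential in query string: " + k}
		}
	}
	auth := r.Header.Get("Authorization")
	if auth == "" {
		return Decision{Status: http.StatusUnauthorized, Reason: "missing Authorization header"}
	}
	scheme, token, ok := strings.Cut(auth, " ")
	token = strings.TrimSpace(token)
	if !ok || !strings.EqualFold(scheme, "Bearer") || token == "" {
		return Decision{Status: http.StatusUnauthorized, Reason: "only Bearer scheme accepted"}
	}
	return Decision{Status: http.StatusOK, Fingerprint: Fingerprint(token)}
}

// Middleware rejects with a generic body (no internal detail, no token echo) and,
// on success, passes only the fingerprint downstream in a hypothetical header.
func Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		d := Inspect(r)
		if d.Status != http.StatusOK {
			fmt.Printf("auth reject status=%d reason=%q\n", d.Status, d.Reason) // no token material logged
			http.Error(w, http.StatusText(d.Status), d.Status)
			return
		}
		r.Header.Set("X-Token-Fingerprint", d.Fingerprint) // assumed header name for this example
		next.ServeHTTP(w, r)
	})
}

func main() {
	h := Middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "fingerprint:", r.Header.Get("X-Token-Fingerprint"))
	}))
	// Constructed requests: the first smuggles a credential in the query string
	// alongside a valid header and must still be rejected.
	for _, target := range []string{"/introspect?token=leak", "/introspect"} {
		rec := httptest.NewRecorder()
		req := httptest.NewRequest("GET", target, nil)
		req.Header.Set("Authorization", "Bearer constructed-sample-token")
		h.ServeHTTP(rec, req)
		fmt.Printf("%s -> %d %s", target, rec.Code, rec.Body.String())
	}
}
```

Checking query keys before the header matters: a client that sends a valid Bearer token and also ?api_key=... is leaking a credential into access logs and proxies, and the service should refuse rather than quietly succeed.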

Running locally

cd "/home/long/project/立交桥/platform-token-runtime"
go run ./cmd/platform-token-runtime

Listens on :18081 by default. Override with the following environment variables:

export TOKEN_RUNTIME_ADDR=":18081"
export TOKEN_RUNTIME_ENV="dev"

Verification commands

Module-level verification:

cd "/home/long/project/立交桥/platform-token-runtime"
GOCACHE=/tmp/lijiaoqiao-go-cache-platform-token-runtime go test ./...

Repository-level unified verification:

cd "/home/long/project/立交桥"
bash scripts/ci/repo_integrity_check.sh

Key files

  • internal/app/bootstrap.go: environment detection, runtime store / audit store assembly.
  • internal/httpapi/token_api.go: HTTP endpoints and audit query output.
  • internal/auth/service/runtime_store.go: in-memory runtime store.
  • internal/auth/service/audit_store.go: in-memory audit store and audit queries.