fix(review): address 2026-06-08 review report issues
## Fixed ### High-4: CI 与质量门禁不一致 - Add quality-gates job that runs verify_quality_gates.sh - Fix Docker job: correct binary paths and remove || true - Replace fake version/help checks with real health endpoint probe ### High-5: 敏感信息持久化到 localStorage - Add SENSITIVE_FIELDS list to admin-common.js (adminToken, token, password, key, apiKey, etc.) - writeStoredConfig now filters sensitive fields by default - Add allowSensitive option for explicit opt-in (default false) - Add createSensitiveStorageToggle() UI helper with warning banner - Update admin/index.html placeholder text to remove misleading 不落盘 claim ### Medium-4: JSON 解码错误静默 - Fix scanUserKeys: return error when allowed_models JSON decode fails - Fix scanOneUserKey: return error when allowed_models JSON decode fails - Prevents silent data corruption that would show empty model list ## Quality Gates ✅ go build ./... - PASS ✅ go test ./internal/... - PASS (all packages) ✅ bash ./scripts/test/verify_quality_gates.sh - PASS ## Notes - High-6 (凭证可预测) requires architecture change to store random credentials in DB - Medium-3 (部署脚本默认值) considered lower priority for current scope
@@ -71,7 +71,9 @@ func scanUserKeys(rows *sql.Rows) ([]UserKeyRecord, error) {
|
||||
k.LastUsedAt = lastUsedAt.String
|
||||
k.ExpiresAt = expiresAt.String
|
||||
if modelsJSON.String != "" {
|
||||
json.Unmarshal([]byte(modelsJSON.String), &k.AllowedModels)
|
||||
if err := json.Unmarshal([]byte(modelsJSON.String), &k.AllowedModels); err != nil {
|
||||
return nil, fmt.Errorf("decode allowed_models for key %s: %w", k.KeyID, err)
|
||||
}
|
||||
}
|
||||
keys = append(keys, k)
|
||||
}
|
||||
@@ -92,7 +94,9 @@ func scanOneUserKey(row *sql.Row) (*UserKeyRecord, error) {
|
||||
k.LastUsedAt = lastUsedAt.String
|
||||
k.ExpiresAt = expiresAt.String
|
||||
if modelsJSON.String != "" {
|
||||
json.Unmarshal([]byte(modelsJSON.String), &k.AllowedModels)
|
||||
if err := json.Unmarshal([]byte(modelsJSON.String), &k.AllowedModels); err != nil {
|
||||
return nil, fmt.Errorf("decode allowed_models for key %s: %w", k.KeyID, err)
|
||||
}
|
||||
}
|
||||
return &k, nil
|
||||
}
|
||||
|
||||
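Review bot: In the first hunk, `return nil, fmt.Errorf(...)` sits inside the row loop of scanUserKeys, so a single key with malformed allowed_models now fails the whole listing; if the admin UI depends on this list, one corrupt row could keep an operator from seeing or revoking any other key. Failing closed is still the right default for an access-control field, because the old code silently left AllowedModels empty, and an empty list may be read as "unrestricted" by callers that are not visible here. I would state that intent with a comment above both new `if err := json.Unmarshal` checks, e.g. `// Fail closed: never return a key whose allowed_models could not be decoded.` The message interpolates `k.KeyID` with `%s`, which assumes KeyID is a non-secret identifier; `%q` would also keep an unusual value from breaking up the log line. Both functions start outside their hunks, so how callers surface this error cannot be checked from this page.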