niuniu/sub2api-cn-relay-manager
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
199 Commits 2 Branches 0 Tags
47ced19c7b840c9af96343cb5dc3f5ded8d018e8
Commit Graph

33 Commits

Author SHA1 Message Date
phamnazage-jpg
85954e516a fix(review): address 2026-06-08 review report issues 
## Fixed

### High-4: CI 与质量门禁不一致
- Add quality-gates job that runs verify_quality_gates.sh
- Fix Docker job: correct binary paths and remove || true
- Replace fake version/help checks with real health endpoint probe

### High-5: 敏感信息持久化到 localStorage
- Add SENSITIVE_FIELDS list to admin-common.js (adminToken, token, password, key, apiKey, etc.)
- writeStoredConfig now filters sensitive fields by default
- Add allowSensitive option for explicit opt-in (default false)
- Add createSensitiveStorageToggle() UI helper with warning banner
- Update admin/index.html placeholder text to remove misleading 不落盘 claim

### Medium-4: JSON 解码错误静默
- Fix scanUserKeys: return error when allowed_models JSON decode fails
- Fix scanOneUserKey: return error when allowed_models JSON decode fails
- Prevents silent data corruption that would show empty model list

## Quality Gates
 go build ./... - PASS
 go test ./internal/... - PASS (all packages)
 bash ./scripts/test/verify_quality_gates.sh - PASS

## Notes
- High-6 (凭证可预测) requires architecture change to store random credentials in DB
- Medium-3 (部署脚本默认值) considered lower priority for current scope
 2026-06-09 09:35:18 +08:00
phamnazage-jpg
4e2ee087fd feat(vNext.4): implement trusted-subject security chain for portal user key self-service 
- Add portal_auth.go: Portal user session auth with HMAC-signed cookies
- Add /api/portal/session/{login,logout,state} endpoints
- Update nginx config template: cookie-to-header trusted proxy pattern
- Update frontend: sync CRM session on login/logout
- Add TRUSTED_SUBJECT_DEPLOY_GUIDE.md with remote43 deployment steps
- Update EXECUTION_BOARD.md: mark trusted-subject blocking issue as resolved

This implements the secure chain:
  Browser → Portal → nginx (cookie→header) → CRM (verify proxy secret)

Required remote43 actions:
1. Generate 64-char hex secret
2. Update .env.crm with TRUSTED_* config
3. Update nginx with cookie map and header injection
4. Restart services

Fixes EXECUTION_BOARD.md 2026-06-08 blocking issue
 2026-06-09 07:48:03 +08:00
phamnazage-jpg
c86c8a17ca feat(v3): add CRM gateway /v1/chat/completions with key auth + governance check
Some checks failed
CI / Build & Test (push) Has been cancelled
Details
CI / Lint (push) Has been cancelled
Details
CI / Security Scan (push) Has been cancelled
Details
CI / Docker Build (push) Has been cancelled
Details
CI / Release (push) Has been cancelled
Details 
- POST /v1/chat/completions public route on CRM (not host pass-through)
- Bearer token → sha256 fingerprint → ListByFingerprint → governance check
- paused → 403 forbidden, retired/deleted → 403
- ProxyRouteChatCompletions to upstream
- NewAPIHandler/NewAPIHandlerWithAuth: optional dsn param for gateway SQLite access
- ListByFingerprint in user_keys_repo
 2026-06-07 12:19:24 +08:00
phamnazage-jpg
5b59ad7490 feat(vnext2): close user key self-service on real host
Some checks failed
CI / Build & Test (push) Has been cancelled
Details
CI / Lint (push) Has been cancelled
Details
CI / Security Scan (push) Has been cancelled
Details
CI / Docker Build (push) Has been cancelled
Details
CI / Release (push) Has been cancelled
Details
2026-06-05 19:58:02 +08:00
phamnazage-jpg
596a2a110c feat(vnext2): add user key self-service skeleton
Some checks failed
CI / Build & Test (push) Has been cancelled
Details
CI / Lint (push) Has been cancelled
Details
CI / Security Scan (push) Has been cancelled
Details
CI / Docker Build (push) Has been cancelled
Details
CI / Release (push) Has been cancelled
Details 
- PORTAL_KEY_EXPERIENCE.md: review from pending to approved
- KEY_SELF_SERVICE_API.md: review from pending to approved
- 0015_user_keys.sql: migration for key_records table
- user_keys_repo.go + test: SQLite repo (Create/ListByOwner/GetByID/UpdateStatus)
- key_self_service.go: HTTP handlers (POST/GET /api/keys, pause/resume/delete)
- key_self_service_svc.go: action wiring (buildUserKeyHandler)
- registered in ActionSet + NewAPIHandlerWithAuth

Note: full user auth requires host+CRM co-deployment.
Current skeleton accepts Bearer token for testing.
 2026-06-05 11:45:17 +08:00
phamnazage-jpg
4ec9dad44f test: 修 build-broken edge-case 测试
Some checks failed
CI / Build & Test (push) Has been cancelled
Details
CI / Lint (push) Has been cancelled
Details
CI / Security Scan (push) Has been cancelled
Details
CI / Docker Build (push) Has been cancelled
Details
CI / Release (push) Has been cancelled
Details 
- internal/store/sqlite/edge_cases_test.go: 把错误的 sqlite.New 调用换成
  实际存在的 sqlite.Open(ctx, dsn),清掉阻塞 `go test ./internal/...`
  的 build 失败
- internal/host/sub2api/edge_cases_test.go: gofmt
- internal/worker/runner_extra_test.go: TestRunnerLoggerCalled 加
  sync.Mutex 保护 logger 写入的共享状态;测试结束前 cancel 并留 20ms
  flush 窗口,避免 -race 检测到 goroutine 仍在写

验证: gofmt -l . 干净,go vet ./... 零警告,
go test -race -count=1 ./internal/... 全包通过,集成测试通过
 2026-06-02 20:38:29 +08:00
phamnazage-jpg
133da2d442 test: M-03 添加边界测试 
- 添加大量数据边界测试(100条记录)
- 添加特殊字符 PackID 边界测试
- 添加空字段验证边界测试
 2026-06-02 06:58:45 +08:00
phamnazage-jpg
08f7db1bc2 test: M-01 替换测试代码中的 panic 为 t.Fatal 
- packs_repo_test.go: panic → t.Fatal
- providers_repo_test.go: panic → t.Fatal
 2026-06-02 06:56:30 +08:00
phamnazage-jpg
64e14ac30d test(quality): cover repo upsert fallback branches 2026-05-30 18:54:07 +08:00
phamnazage-jpg
9e32a24f8c test(quality): cover upsert validation and redis open branches 2026-05-30 18:48:20 +08:00
phamnazage-jpg
f895eb9035 test(quality): cover sqlite redis and overlay edge branches 2026-05-30 18:28:03 +08:00
phamnazage-jpg
6bbd55111c test(quality): cover routing sqlite overlay hotspots 2026-05-30 17:22:11 +08:00
phamnazage-jpg
15b7437edd feat(status): suppress false negative provider readiness 2026-05-30 14:42:51 +08:00
phamnazage-jpg
ef33762db5 feat(portal): add logical group packaging config 2026-05-30 10:54:32 +08:00
phamnazage-jpg
3bfd4cfc1c feat(portal): add logical group guidance config 2026-05-30 10:38:59 +08:00
phamnazage-jpg
649eb13f30 feat(accounts): add explicit route binding workflow 2026-05-29 19:07:01 +08:00
phamnazage-jpg
d8d9e6e170 fix(accounts): tolerate ambiguous shadow bindings 2026-05-29 15:58:37 +08:00
phamnazage-jpg
c982c595b8 feat(accounts): add provider account admin view 2026-05-29 15:50:28 +08:00
phamnazage-jpg
b5343452cb feat(accounts): add provider account inventory api 2026-05-29 14:43:34 +08:00
phamnazage-jpg
6e0bd59e56 feat(routing): add route log writer and admin api 2026-05-28 21:24:05 +08:00
phamnazage-jpg
2818892255 feat(routing): add logical group admin api 2026-05-28 15:57:34 +08:00
phamnazage-jpg
7f75d8a670 feat(routing): add logical group schema foundation 2026-05-28 15:26:16 +08:00
phamnazage-jpg
8d7aa925df feat(admin): persist provider drafts in crm 2026-05-27 21:49:12 +08:00
phamnazage-jpg
ebd86a4256 feat(batch): add live reuse admin verification flow 2026-05-27 20:23:42 +08:00
phamnazage-jpg
c1172d7714 fix: harden deepseek official remote43 import closure 2026-05-27 07:56:24 +08:00
phamnazage-jpg
5e76fb20d0 Harden host deletion and test stability 2026-05-25 07:30:07 +08:00
phamnazage-jpg
bcc67c4a8a Expand coverage for runtime and sqlite paths 2026-05-23 10:55:57 +08:00
phamnazage-jpg
cfa1eaa904 Complete batch import v2 runtime and host capability recovery 2026-05-23 09:18:02 +08:00
phamnazage-jpg
a77a47024c feat(store): complete v2 runtime state repositories 2026-05-22 14:37:08 +08:00
phamnazage-jpg
d68fb9daa3 feat(store): scaffold batch import run repos 2026-05-22 13:50:50 +08:00
phamnazage-jpg
85d495dd16 feat(control-plane): harden host-scoped reconcile and acceptance evidence 
- add batch-scoped reconcile_runs persistence and queries
- route batch detail and reconcile writes through batch_id/host_id
- refresh production boards with host-scope acceptance artifacts
- include latest real-host acceptance evidence for self_service and subscription
 2026-05-18 22:22:22 +08:00
phamnazage-jpg
71cbaf5fa6 test(project): achieve ≥70% package coverage across all internal packages 
- store/sqlite: 75.4% (repos + db coverage)
- host/sub2api: 80.8% (httptest mock server, pure function tests)
- app: 74.2% (handler error paths, NewActionSet closures)
- pack: 72.4%
- provision: 75.2%
- access: 77.3%
- config: 94.7% (lookup mock tests)

All tests pass: build, vet, race, coverage gates.
 2026-05-15 19:26:25 +08:00
phamnazage-jpg
a1d7007397 feat: add state store migrations and repositories 2026-05-12 23:25:02 +08:00