User db307b0d0f fix(security): add SQL injection defense for CREATE DATABASE ...

Add quoteIdentifier() function to safely quote PostgreSQL identifiers
following PostgreSQL's quoting rules (wrap in double quotes, escape
internal quotes by doubling).

This provides defense-in-depth for the CREATE DATABASE statement,
complementing the existing validateDBName() input validation.

Changes:
- Add quoteIdentifier() function with proper escaping
- Use quoted identifier in CREATE DATABASE statement
- Add comprehensive unit tests for quoteIdentifier()

2026-04-16 20:28:36 +08:00

..

cmd

feat: add Sora admin backend and fix type inconsistencies

2026-04-16 09:20:23 +08:00

ent

feat: merge sub2apipro features and add Chinese model pricing

2026-04-15 12:02:07 +08:00

internal

fix(security): add SQL injection defense for CREATE DATABASE

2026-04-16 20:28:36 +08:00

migrations

fix(migrations): add 097 to restore settings.updated_at default

2026-04-13 23:09:26 +08:00

resources/model-pricing

feat: merge sub2apipro features and add Chinese model pricing

2026-04-15 12:02:07 +08:00

.dockerignore

…

.golangci.yml

fix(ci): 精简golangci-lint配置解决v2.11超时问题

2026-03-07 15:17:16 +08:00

Dockerfile

build(工具链): 升级 Go 到 1.25.7

2026-02-06 07:41:23 +08:00

go.mod

feat: add webhook notification service and refactor data management

2026-04-15 23:03:48 +08:00

go.sum

feat: add webhook notification service and refactor data management

2026-04-15 23:03:48 +08:00

Makefile

feat(sync): full code sync from release

2026-02-28 15:01:20 +08:00