lafay
bdfcbdadea
fix(cors): add admin.littlelan.cn and browser.littlelan.cn, support *.littlelan.cn subdomains
Build Backend / build (push) Successful in 12m24s
Build Backend / build-docker (push) Successful in 13m8s
2026-03-19 22:46:21 +08:00
lafay
b0f209fdf8
fix(security): security audit fixes for API vulnerabilities
...
Build Backend / build (push) Successful in 4m47s
Build Backend / build-docker (push) Successful in 2m22s
Security fixes:
- Fix sensitive data exposure: UserResponse no longer contains email/phone
- Add UserSelfResponse for authenticated user's own data
- Protect Gorse endpoints with admin role requirement
- Add rate limiting (10 req/min) to auth endpoints
- Fix CORS configuration to use allowed origins list
- Add pagination parameter validation (max 100 per page)
Changes:
- dto/dto.go: Add UserSelfResponse type
- dto/user_converter.go: Add ConvertUserToSelfResponse
- handler/user_handler.go: Use secure response types
- middleware/cors.go: Implement origin whitelist
- middleware/ratelimit.go: Enhance rate limiter
- router/router.go: Add auth rate limit, protect Gorse
- service/admin_*.go: Use ConvertUserToResponse
2026-03-19 13:49:51 +08:00
lafay
5d6c982c9c
refactor: replace standard log with zap logger and optimize code patterns
...
- Migrate all log.Printf/log.Println calls to structured zap logging
- Use cmp.Or for cleaner default value handling
- Replace manual loops with slices.ContainsFunc/IndexFunc
- Add batch query methods (IsLikedBatch, IsFavoritedBatch) to solve N+1 problem
- Update JSON tags from omitempty to omitzero for numeric fields
- Use errgroup-style wg.Go for worker goroutines
- Remove duplicate casbin/v2 dependency (keeping v3)
- Add plans/ to gitignore
2026-03-17 00:47:17 +08:00
lan
ebd9cb8b04
feat: 添加日志管理和敏感词过滤功能
...
- 新增日志管理模块:操作日志、登录日志、数据变更日志
- 新增敏感词过滤器 (sanitizer)
- 新增日志异步写入管理器
- 新增日志定时清理服务
- 优化帖子相关服务和上传服务
2026-03-15 02:25:10 +08:00
lan
ae5b997924
feat(auth): add Casbin RBAC and user activity tracking
...
Integrate Casbin for role-based access control with admin routes for role management. Add user activity logging service to track login and refresh events. Refactor audit service to use AI-based content moderation.
2026-03-14 02:09:38 +08:00
lan
86ef150fec
Replace websocket flow with SSE support in backend.
...
Update handlers, services, router, and data conversion logic to support server-sent events and related message pipeline changes.
Made-with: Cursor
2026-03-10 12:58:23 +08:00
lan
4c0177149a
Clean backend debug logging and standardize error reporting.
...
This removes verbose trace output in handlers/services and keeps only actionable error-level logs.
2026-03-09 22:20:44 +08:00
lan
4d8f2ec997
Initial backend repository commit.
...
Set up project files and add .gitignore to exclude local build/runtime artifacts.
Made-with: Cursor
2026-03-09 21:28:58 +08:00