lafay
|
bdfcbdadea
|
fix(cors): add admin.littlelan.cn and browser.littlelan.cn, support *.littlelan.cn subdomains
Build Backend / build (push) Successful in 12m24s
Build Backend / build-docker (push) Successful in 13m8s
|
2026-03-19 22:46:21 +08:00 |
|
lafay
|
b0f209fdf8
|
fix(security): security audit fixes for API vulnerabilities
Build Backend / build (push) Successful in 4m47s
Build Backend / build-docker (push) Successful in 2m22s
Security fixes:
- Fix sensitive data exposure: UserResponse no longer contains email/phone
- Add UserSelfResponse for authenticated user's own data
- Protect Gorse endpoints with admin role requirement
- Add rate limiting (10 req/min) to auth endpoints
- Fix CORS configuration to use allowed origins list
- Add pagination parameter validation (max 100 per page)
Changes:
- dto/dto.go: Add UserSelfResponse type
- dto/user_converter.go: Add ConvertUserToSelfResponse
- handler/user_handler.go: Use secure response types
- middleware/cors.go: Implement origin whitelist
- middleware/ratelimit.go: Enhance rate limiter
- router/router.go: Add auth rate limit, protect Gorse
- service/admin_*.go: Use ConvertUserToResponse
|
2026-03-19 13:49:51 +08:00 |
|
lan
|
86ef150fec
|
Replace websocket flow with SSE support in backend.
Update handlers, services, router, and data conversion logic to support server-sent events and related message pipeline changes.
Made-with: Cursor
|
2026-03-10 12:58:23 +08:00 |
|
lan
|
4d8f2ec997
|
Initial backend repository commit.
Set up project files and add .gitignore to exclude local build/runtime artifacts.
Made-with: Cursor
|
2026-03-09 21:28:58 +08:00 |
|