feat: 风险分定时衰减 + 密码提示修复 + 浏览器池API + next回跳

1. 风险分衰减定时任务: - services/scheduler.py: 每天 CST 04:00 自动执行 decay_scores() - 支持 RISK_SCORE_DECAY_TIME_CST 环境变量覆盖 2. 密码长度提示统一为8位: - app-frontend/src/pages/RegisterPage.vue - app-frontend/src/layouts/AppLayout.vue - admin-frontend/src/pages/SettingsPage.vue - templates/register.html 3. 浏览器池统计API: - GET /yuyx/api/browser_pool/stats - 返回 worker 状态、队列等待数等信息 - browser_pool_worker.py: 增强 get_stats() 方法 4. 登录后支持 next 参数回跳: - app-frontend/src/pages/LoginPage.vue: 检查 ?next= 参数 - 仅允许站内路径（防止开放重定向） 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-27 18:28:21 +08:00
parent 3d9dba272e
commit 1b20478a08
49 changed files with 305 additions and 160 deletions
--- a/services/scheduler.py
+++ b/services/scheduler.py
@@ -150,6 +150,16 @@ def scheduled_task_worker() -> None:
    """定时任务工作线程"""
    import schedule

+    def decay_risk_scores():
+        """风险分衰减：每天定时执行一次"""
+        try:
+            from security.risk_scorer import RiskScorer
+
+            RiskScorer().decay_scores()
+            logger.info("[定时任务] 风险分衰减已执行")
+        except Exception as e:
+            logger.exception(f"[定时任务] 风险分衰减执行失败: {e}")
+
    def cleanup_expired_captcha():
        try:
            deleted_count = safe_cleanup_expired_captcha()
@@ -362,7 +372,12 @@ def scheduled_task_worker() -> None:
        if schedule_time_cst != str(schedule_time_raw or "").strip():
            logger.warning(f"[定时任务] 系统定时时间格式无效，已回退到 {schedule_time_cst} (原值: {schedule_time_raw!r})")

-        signature = (schedule_enabled, schedule_time_cst)
+        risk_decay_time_raw = os.environ.get("RISK_SCORE_DECAY_TIME_CST", "04:00")
+        risk_decay_time_cst = _normalize_hhmm(risk_decay_time_raw, default="04:00")
+        if risk_decay_time_cst != str(risk_decay_time_raw or "").strip():
+            logger.warning(f"[定时任务] 风险分衰减时间格式无效，已回退到 {risk_decay_time_cst} (原值: {risk_decay_time_raw!r})")
+
+        signature = (schedule_enabled, schedule_time_cst, risk_decay_time_cst)
        config_changed = schedule_state.get("signature") != signature
        is_first_run = schedule_state.get("signature") is None
        if (not force) and (not config_changed):
@@ -374,6 +389,8 @@ def scheduled_task_worker() -> None:
        cleanup_time_cst = "03:00"
        schedule.every().day.at(cleanup_time_cst).do(cleanup_old_data)

+        schedule.every().day.at(risk_decay_time_cst).do(decay_risk_scores)
+
        schedule.every().hour.do(cleanup_expired_captcha)

        quota_reset_time_cst = "00:00"
@@ -381,6 +398,7 @@ def scheduled_task_worker() -> None:

        if is_first_run:
            logger.info(f"[定时任务] 已设置数据清理任务: 每天 CST {cleanup_time_cst}")
+            logger.info(f"[定时任务] 已设置风险分衰减: 每天 CST {risk_decay_time_cst}")
            logger.info(f"[定时任务] 已设置验证码清理任务: 每小时执行一次")
            logger.info(f"[定时任务] 已设置SMTP配额重置: 每天 CST {quota_reset_time_cst}")