|
|
3bae759afc
|
Integrate KDocs auto-upload
|
2026-01-07 12:32:41 +08:00 |
|
|
|
4c492122dd
|
feat: support announcement image upload
# Conflicts:
# database.py
# db/migrations.py
# routes/admin_api/core.py
# static/admin/.vite/manifest.json
# static/admin/assets/AnnouncementsPage-Btl9JP7M.js
# static/admin/assets/EmailPage-CwqlBGU2.js
# static/admin/assets/FeedbacksPage-B_qDNL3q.js
# static/admin/assets/LogsPage-DzdymdrQ.js
# static/admin/assets/ReportPage-Bp26gOA-.js
# static/admin/assets/SettingsPage-__r25pN8.js
# static/admin/assets/SystemPage-C1OfxrU-.js
# static/admin/assets/UsersPage-DhnABKcY.js
# static/admin/assets/email-By53DCWv.js
# static/admin/assets/email-ByiJ74rd.js
# static/admin/assets/email-DkWacopQ.js
# static/admin/assets/index-D5wU2pVd.js
# static/admin/assets/tasks-1acmkoIX.js
# static/admin/assets/update-DdQLVpC3.js
# static/admin/assets/users-B1w166uc.js
# static/admin/assets/users-CPJP5r-B.js
# static/admin/assets/users-CnIyvFWm.js
# static/admin/index.html
# static/app/.vite/manifest.json
# static/app/assets/AccountsPage-C48gJL8c.js
# static/app/assets/AccountsPage-D387XNsv.js
# static/app/assets/AccountsPage-DBJCAsJz.js
# static/app/assets/LoginPage-BgK_Vl6X.js
# static/app/assets/RegisterPage-CwADxWfe.js
# static/app/assets/ResetPasswordPage-CVfZX_5z.js
# static/app/assets/SchedulesPage-CWuZpJ5h.js
# static/app/assets/SchedulesPage-Dw-mXbG5.js
# static/app/assets/SchedulesPage-DwzGOBuc.js
# static/app/assets/ScreenshotsPage-C6vX2U3V.js
# static/app/assets/ScreenshotsPage-CreOSjVc.js
# static/app/assets/ScreenshotsPage-DuTeRzLR.js
# static/app/assets/VerifyResultPage-BzGlCgtE.js
# static/app/assets/VerifyResultPage-CN_nr4V6.js
# static/app/assets/VerifyResultPage-CNbQc83z.js
# static/app/assets/accounts-BFaVMUve.js
# static/app/assets/accounts-BYq3lLev.js
# static/app/assets/accounts-Bc9j2moH.js
# static/app/assets/auth-Dk_ApO4B.js
# static/app/assets/index-BIng7uZJ.css
# static/app/assets/index-CDxVo_1Z.js
# static/app/index.html
|
2026-01-06 12:15:16 +08:00 |
|
|
|
89f3fd9759
|
feat: 安全增强 + 删除密码重置申请功能 + 登录提醒开关
安全增强:
- 新增 SSRF、XXE、模板注入、敏感路径探测检测规则
- security/constants.py: 添加新的威胁类型和检测模式
- security/threat_detector.py: 实现新检测逻辑
删除密码重置申请功能:
- 移除 /api/password_resets 相关API
- 删除 password_reset_requests 数据库表
- 前端移除密码重置申请页面和菜单
- 用户只能通过邮��找回密码,未绑定邮箱需联系管理员
登录提醒全局开关:
- email_service.py: 添加 login_alert_enabled 字段
- routes/api_auth.py: 检查开关状态再发送登录提醒
- EmailPage.vue: 添加新设备登录提醒开关
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2025-12-27 12:08:36 +08:00 |
|
|
|
46253337eb
|
feat: 实现完整安全防护系统
Phase 1 - 威胁检测引擎:
- security/threat_detector.py: JNDI/SQL/XSS/路径遍历/命令注入检测
- security/constants.py: 威胁检测规则和评分常量
- 数据库表: threat_events, ip_risk_scores, user_risk_scores, ip_blacklist
Phase 2 - 风险评分与黑名单:
- security/risk_scorer.py: IP/用户风险评分引擎,支持分数衰减
- security/blacklist.py: 黑名单管理,自动封禁规则
Phase 3 - 响应策略:
- security/honeypot.py: 蜜罐响应生成器
- security/response_handler.py: 渐进式响应策略
Phase 4 - 集成:
- security/middleware.py: Flask安全中间件
- routes/admin_api/security.py: 管理后台安全仪表板API
- 36个测试用例全部通过
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2025-12-27 01:28:38 +08:00 |
|
|
|
e3b0c35da6
|
Harden auth risk controls and admin reauth
|
2025-12-26 21:07:47 +08:00 |
|
|
|
9aa28f5b9e
|
添加报表页面,更新用户管理和注册功能
|
2025-12-15 21:39:32 +08:00 |
|
|
|
a346509a5f
|
同步更新:重构路由、服务模块,更新前端构建
|
2025-12-14 21:47:46 +08:00 |
|
