zsglpt

Author	SHA1	Message	Date
yuyx	ad847888f8	Avoid live KDocs status on page load	2026-01-07 14:12:54 +08:00
yuyx	8c150dcb7c	Auto poll KDocs login status	2026-01-07 14:04:09 +08:00
yuyx	6b416dc5f1	Force KDocs QR fetch and improve login detection	2026-01-07 13:07:57 +08:00
yuyx	3bae759afc	Integrate KDocs auto-upload	2026-01-07 12:32:41 +08:00
yuyx	4c492122dd	feat: support announcement image upload # Conflicts: # database.py # db/migrations.py # routes/admin_api/core.py # static/admin/.vite/manifest.json # static/admin/assets/AnnouncementsPage-Btl9JP7M.js # static/admin/assets/EmailPage-CwqlBGU2.js # static/admin/assets/FeedbacksPage-B_qDNL3q.js # static/admin/assets/LogsPage-DzdymdrQ.js # static/admin/assets/ReportPage-Bp26gOA-.js # static/admin/assets/SettingsPage-__r25pN8.js # static/admin/assets/SystemPage-C1OfxrU-.js # static/admin/assets/UsersPage-DhnABKcY.js # static/admin/assets/email-By53DCWv.js # static/admin/assets/email-ByiJ74rd.js # static/admin/assets/email-DkWacopQ.js # static/admin/assets/index-D5wU2pVd.js # static/admin/assets/tasks-1acmkoIX.js # static/admin/assets/update-DdQLVpC3.js # static/admin/assets/users-B1w166uc.js # static/admin/assets/users-CPJP5r-B.js # static/admin/assets/users-CnIyvFWm.js # static/admin/index.html # static/app/.vite/manifest.json # static/app/assets/AccountsPage-C48gJL8c.js # static/app/assets/AccountsPage-D387XNsv.js # static/app/assets/AccountsPage-DBJCAsJz.js # static/app/assets/LoginPage-BgK_Vl6X.js # static/app/assets/RegisterPage-CwADxWfe.js # static/app/assets/ResetPasswordPage-CVfZX_5z.js # static/app/assets/SchedulesPage-CWuZpJ5h.js # static/app/assets/SchedulesPage-Dw-mXbG5.js # static/app/assets/SchedulesPage-DwzGOBuc.js # static/app/assets/ScreenshotsPage-C6vX2U3V.js # static/app/assets/ScreenshotsPage-CreOSjVc.js # static/app/assets/ScreenshotsPage-DuTeRzLR.js # static/app/assets/VerifyResultPage-BzGlCgtE.js # static/app/assets/VerifyResultPage-CN_nr4V6.js # static/app/assets/VerifyResultPage-CNbQc83z.js # static/app/assets/accounts-BFaVMUve.js # static/app/assets/accounts-BYq3lLev.js # static/app/assets/accounts-Bc9j2moH.js # static/app/assets/auth-Dk_ApO4B.js # static/app/assets/index-BIng7uZJ.css # static/app/assets/index-CDxVo_1Z.js # static/app/index.html	2026-01-06 12:15:16 +08:00
yuyx	7cf39f80bc	fix: 兼容旧浏览器后台与截图开关	2025-12-31 19:04:42 +08:00
yuyx	41ead4bead	replace screenshot pipeline and update admin	2025-12-31 16:50:35 +08:00
yuyx	01ffaf96a3	fix: CPU显示修复 + 报表面板添加浏览器池状态 1. CPU 显示修复: - routes/admin_api/core.py: 新增 _get_server_cpu_percent() - 首次调用使用 interval=0.1 避免返回 0.0 - 后续调用使用缓存，TTL 1秒 2. 报表面板浏览器池状态: - admin-frontend/src/api/browser_pool.js: 新增 API 调用 - ReportPage.vue: 添加浏览器池状态卡片 - 显示总/活跃/空闲 Worker 数和队列等待数 - Worker 表格带状态颜色标签（活跃/空闲/异常） 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-27 20:15:48 +08:00
yuyx	1b20478a08	feat: 风险分定时衰减 + 密码提示修复 + 浏览器池API + next回跳 1. 风险分衰减定时任务: - services/scheduler.py: 每天 CST 04:00 自动执行 decay_scores() - 支持 RISK_SCORE_DECAY_TIME_CST 环境变量覆盖 2. 密码长度提示统一为8位: - app-frontend/src/pages/RegisterPage.vue - app-frontend/src/layouts/AppLayout.vue - admin-frontend/src/pages/SettingsPage.vue - templates/register.html 3. 浏览器池统计API: - GET /yuyx/api/browser_pool/stats - 返回 worker 状态、队列等待数等信息 - browser_pool_worker.py: 增强 get_stats() 方法 4. 登录后支持 next 参数回跳: - app-frontend/src/pages/LoginPage.vue: 检查 ?next= 参数 - 仅允许站内路径（防止开放重定向） 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-27 18:28:21 +08:00
yuyx	3d9dba272e	refactor: 删除版本更新功能 + 报表页自动刷新删除版本与更新功能: - routes/admin_api/update.py: 删除整个文件 - routes/admin_api/__init__.py: 移除 update 模块注册 - admin-frontend/src/pages/SystemPage.vue: 移除版本更新UI区块 - admin-frontend/src/api/update.js: 删除整个文件 - 删除 static/admin/assets/update-*.js 报表页自动刷新: - admin-frontend/src/pages/ReportPage.vue: 添加 setInterval 每1秒刷新 - 在 onMounted 启动定时器，onUnmounted 清除 - 覆盖统计数据、运行中任务、系统信息等所有动态数据 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-27 12:41:26 +08:00
yuyx	89f3fd9759	feat: 安全增强 + 删除密码重置申请功能 + 登录提醒开关安全增强: - 新增 SSRF、XXE、模板注入、敏感路径探测检测规则 - security/constants.py: 添加新的威胁类型和检测模式 - security/threat_detector.py: 实现新检测逻辑删除密码重置申请功能: - 移除 /api/password_resets 相关API - 删除 password_reset_requests 数据库表 - 前端移除密码重置申请页面和菜单 - 用户只能通过邮��找回密码，未绑定邮箱需联系管理员登录提醒全局开关: - email_service.py: 添加 login_alert_enabled 字段 - routes/api_auth.py: 检查开关状态再发送登录提醒 - EmailPage.vue: 添加新设备登录提醒开关 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-27 12:08:36 +08:00
yuyx	46253337eb	feat: 实现完整安全防护系统 Phase 1 - 威胁检测引擎: - security/threat_detector.py: JNDI/SQL/XSS/路径遍历/命令注入检测 - security/constants.py: 威胁检测规则和评分常量 - 数据库表: threat_events, ip_risk_scores, user_risk_scores, ip_blacklist Phase 2 - 风险评分与黑名单: - security/risk_scorer.py: IP/用户风险评分引擎，支持分数衰减 - security/blacklist.py: 黑名单管理，自动封禁规则 Phase 3 - 响应策略: - security/honeypot.py: 蜜罐响应生成器 - security/response_handler.py: 渐进式响应策略 Phase 4 - 集成: - security/middleware.py: Flask安全中间件 - routes/admin_api/security.py: 管理后台安全仪表板API - 36个测试用例全部通过 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-27 01:28:38 +08:00
yuyx	e3b0c35da6	Harden auth risk controls and admin reauth	2025-12-26 21:07:47 +08:00
yuyx	f90b0a4f11	Harden auth, CSRF, and email log UX	2025-12-26 19:05:42 +08:00
yuyx	738eaa5211	更新邮件服务和SMTP配置功能	2025-12-15 20:32:28 +08:00
yuyx	8846945208	更新邮件页面和管理API	2025-12-15 17:16:56 +08:00
yuyx	a8b9f225bd	更新系统页面和更新功能 - 更新 admin-frontend 系统页面和更新 API - 更新 routes 和 services 中的更新逻辑 - 重新构建前端静态资源	2025-12-15 15:58:12 +08:00
yuyx	0d1397debe	添加自动更新功能	2025-12-15 14:34:08 +08:00
yuyx	a346509a5f	同步更新：重构路由、服务模块，更新前端构建	2025-12-14 21:47:46 +08:00

19 Commits