|
|
3bae759afc
|
Integrate KDocs auto-upload
|
2026-01-07 12:32:41 +08:00 |
|
|
|
4c492122dd
|
feat: support announcement image upload
# Conflicts:
# database.py
# db/migrations.py
# routes/admin_api/core.py
# static/admin/.vite/manifest.json
# static/admin/assets/AnnouncementsPage-Btl9JP7M.js
# static/admin/assets/EmailPage-CwqlBGU2.js
# static/admin/assets/FeedbacksPage-B_qDNL3q.js
# static/admin/assets/LogsPage-DzdymdrQ.js
# static/admin/assets/ReportPage-Bp26gOA-.js
# static/admin/assets/SettingsPage-__r25pN8.js
# static/admin/assets/SystemPage-C1OfxrU-.js
# static/admin/assets/UsersPage-DhnABKcY.js
# static/admin/assets/email-By53DCWv.js
# static/admin/assets/email-ByiJ74rd.js
# static/admin/assets/email-DkWacopQ.js
# static/admin/assets/index-D5wU2pVd.js
# static/admin/assets/tasks-1acmkoIX.js
# static/admin/assets/update-DdQLVpC3.js
# static/admin/assets/users-B1w166uc.js
# static/admin/assets/users-CPJP5r-B.js
# static/admin/assets/users-CnIyvFWm.js
# static/admin/index.html
# static/app/.vite/manifest.json
# static/app/assets/AccountsPage-C48gJL8c.js
# static/app/assets/AccountsPage-D387XNsv.js
# static/app/assets/AccountsPage-DBJCAsJz.js
# static/app/assets/LoginPage-BgK_Vl6X.js
# static/app/assets/RegisterPage-CwADxWfe.js
# static/app/assets/ResetPasswordPage-CVfZX_5z.js
# static/app/assets/SchedulesPage-CWuZpJ5h.js
# static/app/assets/SchedulesPage-Dw-mXbG5.js
# static/app/assets/SchedulesPage-DwzGOBuc.js
# static/app/assets/ScreenshotsPage-C6vX2U3V.js
# static/app/assets/ScreenshotsPage-CreOSjVc.js
# static/app/assets/ScreenshotsPage-DuTeRzLR.js
# static/app/assets/VerifyResultPage-BzGlCgtE.js
# static/app/assets/VerifyResultPage-CN_nr4V6.js
# static/app/assets/VerifyResultPage-CNbQc83z.js
# static/app/assets/accounts-BFaVMUve.js
# static/app/assets/accounts-BYq3lLev.js
# static/app/assets/accounts-Bc9j2moH.js
# static/app/assets/auth-Dk_ApO4B.js
# static/app/assets/index-BIng7uZJ.css
# static/app/assets/index-CDxVo_1Z.js
# static/app/index.html
|
2026-01-06 12:15:16 +08:00 |
|
|
|
46253337eb
|
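feat: implement complete security protection system
Phase 1 - Threat detection engine:
- security/threat_detector.py: JNDI/SQL/XSS/path traversal/command injection detection
- security/constants.py: threat detection rules and scoring constants
- Database tables: threat_events, ip_risk_scores, user_risk_scores, ip_blacklist
Phase 2 - Risk scoring and blacklist:
- security/risk_scorer.py: IP/user risk scoring engine with score decay support
- security/blacklist.py: blacklist management, automatic ban rules
Phase 3 - Response strategy:
- security/honeypot.py: honeypot response generator
- security/response_handler.py: progressive response strategy
Phase 4 - Integration:
- security/middleware.py: Flask security middleware
- routes/admin_api/security.py: admin console security dashboard API
- All 36 test cases pass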
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2025-12-27 01:28:38 +08:00 |
|
|
|
e3b0c35da6
|
Harden auth risk controls and admin reauth
|
2025-12-26 21:07:47 +08:00 |
|
|
|
f90b0a4f11
|
Harden auth, CSRF, and email log UX
|
2025-12-26 19:05:42 +08:00 |
|
|
|
a346509a5f
|
Sync update: refactor routes and service modules, update frontend build
|
2025-12-14 21:47:46 +08:00 |
|
|
|
de8edcb3a6
|
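feat: add email feature phase 2 - registration email verification
Implement email verification at registration:
- Modify the registration API to support the email verification flow
- Add email verification API (/api/verify-email/<token>)
- Add resend verification email API (/api/resend-verify-email)
- Add email verification status query API (/api/email/verify-status)
New files:
- templates/email/register.html - registration verification email template
- templates/verify_success.html - verification success page
- templates/verify_failed.html - verification failure page
Modified files:
- email_service.py - add function to send the registration verification email
- app.py - add email verification APIs
- database.py - add get_user_by_email function
- app_config.py - add BASE_URL setting
- templates/register.html - support toggling whether email is required
- templates/login.html - add resend verification email feature
- templates/admin.html - add registration verification toggle and BASE_URL setting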
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2025-12-11 21:51:07 +08:00 |
|
|
|
7cfb76abf2
|
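Fix 12 security vulnerabilities and code quality issues
Security fixes:
- Use secrets instead of random to generate verification codes, improving security
- Add a memory cleanup scheduler to prevent memory leaks
- Return 503 when PIL is missing instead of degrading service
- Improve session security configuration, with automatic environment detection
- Support configuring the key file path via environment variable
Bug fixes:
- Improve exception handling so SystemExit/KeyboardInterrupt are no longer swallowed
- Remove dead code (if False placeholders)
- Improve browser resource release logic, using try-finally to ensure closure
- Refactor the database connection pool return logic, fixing a race condition
- Add a safe JSON parsing method to handle corrupted data
- Change the default log level to INFO
- Extract magic numbers into configurable constants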
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2025-12-11 20:00:19 +08:00 |
|
|
|
2e4b64dcb2
|
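Fix 37 security vulnerabilities and bugs
High-severity fixes:
- app.py: add ip_rate_limit_lock thread lock to protect the IP rate-limit dictionary
- app.py: add validate_ip_port() to validate proxy IP/port ranges
- database.py: SQL field name whitelist validation to prevent injection
- playwright_automation.py: improve forced cleanup logic for browser processes
Medium-severity fixes:
- database.py: unify timezone handling in get_cst_now()
- database.py: eliminate circular import, move app_security import to the top
- playwright_automation.py: change all bare except to except Exception
- app_config.py: warning on dotenv import failure + security configuration check
- db_pool.py: add detailed exception stack trace logging
- app_security.py: filter zero-width characters from usernames
- database.py: delete_old_task_logs deletes in batches to avoid locking the table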
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2025-12-11 19:35:29 +08:00 |
|
Yu Yon
|
8fd6923453
|
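Fix all bugs and add new features
- Fix the add-account button not responding
- Add account remark field (optional)
- Add account settings button (change password/remark)
- Fix the user feedback feature
- Add scheduled task execution logs
- Fix account loading after container restart
- Fix all JavaScript syntax errors
- Optimize the account loading mechanism (4 layers of safeguards)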
🤖 Generated with Claude Code
|
2025-12-10 11:19:16 +08:00 |
|
Yu Yon
|
1723e35fbc
|
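Initial commit: Knowledge management platform
Main features:
- Multi-user management system
- Browser automation (Playwright)
- Task orchestration and execution
- Docker containerized deployment
- Data persistence and log management
Tech stack: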
- Flask 3.0.0
- Playwright 1.40.0
- SQLite with connection pooling
- Docker + Docker Compose
See README.md for deployment instructions
|
2025-11-16 19:03:07 +08:00 |
|