trade-assistant

alai-dev/trade-assistant

Fork 0

Commit Graph

Author	SHA1	Message	Date
TradeMate Dev	9e9c7ac270	fix: additional code quality and performance improvements Code quality: - Remove empty except blocks with proper logging - Create shared pagination utility function - Remove duplicate UUID validation code - Fix dead code in translation.py Performance: - Fix N+1 query in followup engine (use join instead of loop) - Add eager loading for customer health scores - Create database indexes for common query patterns: - customers: (user_id, status), (user_id, last_contact_at) - payment_transactions: (user_id, created_at) - followup_logs: (user_id, customer_id) - notifications: (user_id, is_read) Configuration: - Centralize magic numbers in config.py: - Payment prices - File upload limits - Rate limiting settings - Pagination defaults - Update auth.py to use centralized rate limiting config - Update customer/product imports to use centralized upload limits - Update import_service.py to use centralized MAX_ROWS	2026-06-11 18:25:08 +08:00
TradeMate Dev	13e3992d4c	fix: security and code quality improvements Security fixes: - Add file upload size limits (10MB) for customer and product imports - Add XLSX file validation with row limits and magic byte checking - Implement password validation (min 6 chars) in registration - Add rate limiting for guest login (5 per IP per 15 minutes) - Sanitize error messages to prevent information leakage - Fix XSS vulnerability by removing unsafe v-html usage - Enforce WhatsApp webhook signature verification - Add SSRF protection with URL validation and IP blocking - Fix marketing endpoints to use proper authentication Code quality improvements: - Create shared utility functions for UUID validation and string sanitization - Remove duplicate UUID validation code from admin modules - Remove dead code (pass statement in translation.py) - Fix aliyun SDK import compatibility	2026-06-11 17:54:07 +08:00

Author

SHA1

Message

Date

TradeMate Dev

9e9c7ac270

fix: additional code quality and performance improvements

Code quality:
- Remove empty except blocks with proper logging
- Create shared pagination utility function
- Remove duplicate UUID validation code
- Fix dead code in translation.py

Performance:
- Fix N+1 query in followup engine (use join instead of loop)
- Add eager loading for customer health scores
- Create database indexes for common query patterns:
  - customers: (user_id, status), (user_id, last_contact_at)
  - payment_transactions: (user_id, created_at)
  - followup_logs: (user_id, customer_id)
  - notifications: (user_id, is_read)

Configuration:
- Centralize magic numbers in config.py:
  - Payment prices
  - File upload limits
  - Rate limiting settings
  - Pagination defaults
- Update auth.py to use centralized rate limiting config
- Update customer/product imports to use centralized upload limits
- Update import_service.py to use centralized MAX_ROWS

2026-06-11 18:25:08 +08:00

TradeMate Dev

13e3992d4c

fix: security and code quality improvements

Security fixes:
- Add file upload size limits (10MB) for customer and product imports
- Add XLSX file validation with row limits and magic byte checking
- Implement password validation (min 6 chars) in registration
- Add rate limiting for guest login (5 per IP per 15 minutes)
- Sanitize error messages to prevent information leakage
- Fix XSS vulnerability by removing unsafe v-html usage
- Enforce WhatsApp webhook signature verification
- Add SSRF protection with URL validation and IP blocking
- Fix marketing endpoints to use proper authentication

Code quality improvements:
- Create shared utility functions for UUID validation and string sanitization
- Remove duplicate UUID validation code from admin modules
- Remove dead code (pass statement in translation.py)
- Fix aliyun SDK import compatibility

2026-06-11 17:54:07 +08:00

2 Commits