trade-assistant

alai-dev/trade-assistant

Fork 0

Commit Graph

Author	SHA1	Message	Date
TradeMate Dev	13e3992d4c	fix: security and code quality improvements Security fixes: - Add file upload size limits (10MB) for customer and product imports - Add XLSX file validation with row limits and magic byte checking - Implement password validation (min 6 chars) in registration - Add rate limiting for guest login (5 per IP per 15 minutes) - Sanitize error messages to prevent information leakage - Fix XSS vulnerability by removing unsafe v-html usage - Enforce WhatsApp webhook signature verification - Add SSRF protection with URL validation and IP blocking - Fix marketing endpoints to use proper authentication Code quality improvements: - Create shared utility functions for UUID validation and string sanitization - Remove duplicate UUID validation code from admin modules - Remove dead code (pass statement in translation.py) - Fix aliyun SDK import compatibility	2026-06-11 17:54:07 +08:00
TradeMate Dev	d2736d1ef6	feat: AI routing DB-driven, payment gateway full integration, WeChat mini-program CI/CD - AI routing rules now stored in system_configs DB table instead of hardcoded config - Multi-model support via name\|model composite key for same-provider routing - UnifiedPayService with HMAC-SHA256 gateway integration (alipay/wechat) - Admin payment panel: list, stats, search, filter, refund - WeChat mini-program CI/CD via miniprogram-ci (v1.0.9) - Translation quota extended to LLM provider tier - SearchService with DB-driven provider config (bing/google_cse/searxng) - Footer cleanup across admin/workspace/uni-app - Private key excluded from git tracking	2026-06-09 17:19:45 +08:00
TradeMate Dev	52dba37f22	Add admin-frontend and user-frontend standalone projects, certification/invoice/discovery features, fix auth header and theme consistency	2026-05-22 18:35:30 +08:00

Author

SHA1

Message

Date

TradeMate Dev

13e3992d4c

fix: security and code quality improvements

Security fixes:
- Add file upload size limits (10MB) for customer and product imports
- Add XLSX file validation with row limits and magic byte checking
- Implement password validation (min 6 chars) in registration
- Add rate limiting for guest login (5 per IP per 15 minutes)
- Sanitize error messages to prevent information leakage
- Fix XSS vulnerability by removing unsafe v-html usage
- Enforce WhatsApp webhook signature verification
- Add SSRF protection with URL validation and IP blocking
- Fix marketing endpoints to use proper authentication

Code quality improvements:
- Create shared utility functions for UUID validation and string sanitization
- Remove duplicate UUID validation code from admin modules
- Remove dead code (pass statement in translation.py)
- Fix aliyun SDK import compatibility

2026-06-11 17:54:07 +08:00

TradeMate Dev

d2736d1ef6

feat: AI routing DB-driven, payment gateway full integration, WeChat mini-program CI/CD

- AI routing rules now stored in system_configs DB table instead of hardcoded config
- Multi-model support via name|model composite key for same-provider routing
- UnifiedPayService with HMAC-SHA256 gateway integration (alipay/wechat)
- Admin payment panel: list, stats, search, filter, refund
- WeChat mini-program CI/CD via miniprogram-ci (v1.0.9)
- Translation quota extended to LLM provider tier
- SearchService with DB-driven provider config (bing/google_cse/searxng)
- Footer cleanup across admin/workspace/uni-app
- Private key excluded from git tracking

2026-06-09 17:19:45 +08:00

TradeMate Dev

52dba37f22

Add admin-frontend and user-frontend standalone projects, certification/invoice/discovery features, fix auth header and theme consistency

2026-05-22 18:35:30 +08:00

3 Commits