alai-dev/trade-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55 Commits 1 Branch 0 Tags
15d172e825f13906e2904cda342fbd954b54e7a5
Commit Graph

14 Commits

Author SHA1 Message Date
TradeMate Dev 2a107a42f3 feat: credit-based billing system 
- New DB models: credit_packages, subscription_plans, user_credits, credit_consumptions, credit_purchases
- CreditService: balance, deduct, add_credits, grant_free_trial, history
- User API: /api/v1/credits/* (balance/history/packages/purchase/subscribe)
- Admin API: /api/v1/admin/credit-* (CRUD packages/plans, user credits, consumptions)
- PaymentService.create_credit_order + handle_callback for credit purchases
- Credit deduction on: discovery, translate, marketing, ai_chat, followup
- Free trial 30 credits on registration
- Documentation: docs/CREDIT_SYSTEM.md
 2026-06-12 10:39:45 +08:00
TradeMate Dev 9e9c7ac270 fix: additional code quality and performance improvements 
Code quality:
- Remove empty except blocks with proper logging
- Create shared pagination utility function
- Remove duplicate UUID validation code
- Fix dead code in translation.py

Performance:
- Fix N+1 query in followup engine (use join instead of loop)
- Add eager loading for customer health scores
- Create database indexes for common query patterns:
  - customers: (user_id, status), (user_id, last_contact_at)
  - payment_transactions: (user_id, created_at)
  - followup_logs: (user_id, customer_id)
  - notifications: (user_id, is_read)

Configuration:
- Centralize magic numbers in config.py:
  - Payment prices
  - File upload limits
  - Rate limiting settings
  - Pagination defaults
- Update auth.py to use centralized rate limiting config
- Update customer/product imports to use centralized upload limits
- Update import_service.py to use centralized MAX_ROWS
 2026-06-11 18:25:08 +08:00
TradeMate Dev 13e3992d4c fix: security and code quality improvements 
Security fixes:
- Add file upload size limits (10MB) for customer and product imports
- Add XLSX file validation with row limits and magic byte checking
- Implement password validation (min 6 chars) in registration
- Add rate limiting for guest login (5 per IP per 15 minutes)
- Sanitize error messages to prevent information leakage
- Fix XSS vulnerability by removing unsafe v-html usage
- Enforce WhatsApp webhook signature verification
- Add SSRF protection with URL validation and IP blocking
- Fix marketing endpoints to use proper authentication

Code quality improvements:
- Create shared utility functions for UUID validation and string sanitization
- Remove duplicate UUID validation code from admin modules
- Remove dead code (pass statement in translation.py)
- Fix aliyun SDK import compatibility
 2026-06-11 17:54:07 +08:00
TradeMate Dev fa3050a17c fix: remove CSRF requirement from login/register endpoints 
Anonymous users have no CSRF cookie, so require_csrf_token always
raises 403 on first visit. This broke all first-time logins and
registrations. CSRF protection is unnecessary here since there's
no authenticated session to forge requests against.
 2026-05-30 21:39:02 +08:00
TradeMate Dev c04fa2c19f T-005: Security hardening - CORS, Rate Limit, CSRF 
- CORS: Restrict allowed origins to specific frontend URLs, limit methods and headers
- Rate Limit: Add fine-grained endpoint-specific rate limits for sensitive operations
  - Login: 5 requests/minute
  - Register: 3 requests/hour
  - Password change: 3 requests/5 minutes
  - Payment: 20 requests/minute
  - Admin: 30 requests/minute
- CSRF: Add CSRF protection middleware with double-submit cookie pattern
  - New app/core/csrf.py module with CSRFMiddleware
  - Require CSRF tokens on sensitive endpoints (auth, payment, profile)
  - Skip webhook endpoints for CSRF validation
- Fix pydantic-settings import in config.py
 2026-05-29 10:26:23 +08:00
TradeMate Dev bed5c7abef Add landing page, referral system, usage quotas, search API management, and yearly pricing 
- Separate workspace landing from login for better UX
- Referral system rewards both parties with Pro days
- Quota enforcement prevents abuse without breaking endpoints
- 7-day free trial with auto-downgrade on expiry
- Admin-managed search provider config (SearXNG, Bing)
- 15% discount on annual subscriptions
- MCP search server wrapping opencode search
- Fix discovery module field name mismatch causing 422
 2026-05-26 11:40:13 +08:00
TradeMate Dev a60aac4638 Unify frontend config, fix marketing tracking field mismatch, expose customer notes in API 
Centralizes all hardcoded page paths, storage keys, external URLs, and branding into a single uni-app/src/config.js. Fixes trackMarketingEffect sending wrong field names (action/content_preview -> event_type/content) that silently dropped tracking data. Adds notes, estimated_value, next_followup_at to Customer response. Removes '翻译' from bottom tab nav (5 tabs now), adds quick translate card on home page. Makes profile page header color consistent with app theme (#1890ff).
 2026-05-20 14:30:50 +08:00
TradeMate Dev 4755cc75ba feat: 管理后台完整可用 + 注册登录记日志 + 提取信息结构化展示 + 微信配置就绪 
- 管理后台用户/统计/日志/配置四页签全部对接真实后端API
- auth注册/登录/游客/微信登录事件写入usage_logs表
- 提取信息结果从原始JSON改为卡片式字段列表(中文标签)
- 管理后台搜索按钮增加加载态和结果数提示
- 配置WECHAT_APP_ID/WECHAT_APP_SECRET
- 客户/产品/报价单CRUD页面完整(导出导入批量操作)
 2026-05-18 23:50:48 +08:00
TradeMate Dev ac51716097 fix: route ordering customer/{id}/health before /{id}; CustomerHealthService for health-overview; keywords/competitor Header decorator; onboarding product_info dict; marketing template fallback; frontend style-switching tabs 2026-05-15 09:17:26 +08:00
TradeMate Dev 93f6ad306a fix: change login endpoint from OAuth2PasswordRequestForm to accept JSON body 2026-05-14 17:03:24 +08:00
TradeMate Dev 23a31f7c00 feat: silent wechat login, marketing tab optimization, admin page foundation 
- Add silent WeChat login for MP/browser environments
- Fix Python 3.6 compatibility (remove typing.Annotated usage)
- Marketing page: tab-based content generation with category support
- Translate page: add auto-detect language default
- Homepage: add TTS playback, announcement ticker, remove redundant quick-actions
- Fix FAB button overlap with custom tabbar on customers/quotation pages
- Make openai/anthropic imports lazy for Python 3.6 compat
 2026-05-14 00:30:48 +08:00
TradeMate Dev 04f7ff0317 fix: CORS/API 500 issues, switch to native tabbar, restore quick-actions 
- Backend: guest UUID format fix, /auth/me guest branch, UUID validation in deps.py, CORS config fix
- Frontend: switch to native tabbar (custom: false), cleanup App.vue, redesign quick-actions with colored icons, conditional wechat login, proxy API requests via Vite
 2026-05-13 17:54:13 +08:00
TradeMate Dev 7b62c2f8b4 feat: 修复 H5 底部导航覆盖 + 更新项目进度文档 
## H5 底部导航修复 (Bug #10)
- 精简 App.vue,移除重复 tabbar,仅保留全局样式
- uni-page 设置 height: calc(100% - 50px) + overflow-y: auto
- 内容区域精确停在底部导航上方,独立滚动不再叠加
- 恢复 custom-tab-bar 组件

## 项目进度文档
- PROGRESS.md 更新至 10 个 Bug 修复
- 新增 H5 底部导航修复记录
- 新增历史变更条目
 2026-05-12 20:24:42 +08:00
TradeMate Dev c6206787da Initial commit: TradeMate 外贸小助手 MVP 
项目结构:
- backend/     Python FastAPI 后端
- uni-app/     uni-app跨端前端
- docs/        设计文档
- docker-compose.yml  Docker编排
- nginx/scripts/systemd 运维配置

已完成功能:
- 用户认证 (JWT)
- 智能翻译 + 回复建议
- 营销素材生成
- 客户管理 + 沉默检测
- 报价单管理
- 产品库管理
- 汇率换算
- 推送通知 (uni-push)
- WhatsApp Webhook框架
- Celery定时任务
 2026-05-08 18:17:12 +08:00