d2736d1ef6
feat: AI routing DB-driven, payment gateway full integration, WeChat mini-program CI/CD
...
- AI routing rules now stored in system_configs DB table instead of hardcoded config
- Multi-model support via name|model composite key for same-provider routing
- UnifiedPayService with HMAC-SHA256 gateway integration (alipay/wechat)
- Admin payment panel: list, stats, search, filter, refund
- WeChat mini-program CI/CD via miniprogram-ci (v1.0.9)
- Translation quota extended to LLM provider tier
- SearchService with DB-driven provider config (bing/google_cse/searxng)
- Footer cleanup across admin/workspace/uni-app
- Private key excluded from git tracking
2026-06-09 17:19:45 +08:00
3e39cf0170
refactor: replace direct WeChat/Alipay with unified pay-api gateway
...
Switch from direct WeChat Pay / Alipay integrations to the unified
宇之然 pay-api gateway (HMAC-SHA256 auth). Removes wechat_pay.py,
keeps PaymentGateway abstraction, adds UnifiedPayService. Simplifies
payment.py create_order to {plan, pay_type} params. Single webhook
endpoint replaces separate WeChat/Alipay notify handlers.
2026-05-29 18:36:50 +08:00
c04fa2c19f
T-005: Security hardening - CORS, Rate Limit, CSRF
...
- CORS: Restrict allowed origins to specific frontend URLs, limit methods and headers
- Rate Limit: Add fine-grained endpoint-specific rate limits for sensitive operations
- Login: 5 requests/minute
- Register: 3 requests/hour
- Password change: 3 requests/5 minutes
- Payment: 20 requests/minute
- Admin: 30 requests/minute
- CSRF: Add CSRF protection middleware with double-submit cookie pattern
- New app/core/csrf.py module with CSRFMiddleware
- Require CSRF tokens on sensitive endpoints (auth, payment, profile)
- Skip webhook endpoints for CSRF validation
- Fix pydantic-settings import in config.py
2026-05-29 10:26:23 +08:00
bed5c7abef
Add landing page, referral system, usage quotas, search API management, and yearly pricing
...
- Separate workspace landing from login for better UX
- Referral system rewards both parties with Pro days
- Quota enforcement prevents abuse without breaking endpoints
- 7-day free trial with auto-downgrade on expiry
- Admin-managed search provider config (SearXNG, Bing)
- 15% discount on annual subscriptions
- MCP search server wrapping opencode search
- Fix discovery module field name mismatch causing 422
2026-05-26 11:40:13 +08:00
7b62c2f8b4
feat: 修复 H5 底部导航覆盖 + 更新项目进度文档
...
## H5 底部导航修复 (Bug #10 )
- 精简 App.vue,移除重复 tabbar,仅保留全局样式
- uni-page 设置 height: calc(100% - 50px) + overflow-y: auto
- 内容区域精确停在底部导航上方,独立滚动不再叠加
- 恢复 custom-tab-bar 组件
## 项目进度文档
- PROGRESS.md 更新至 10 个 Bug 修复
- 新增 H5 底部导航修复记录
- 新增历史变更条目
2026-05-12 20:24:42 +08:00
c6206787da
Initial commit: TradeMate 外贸小助手 MVP
...
项目结构:
- backend/ Python FastAPI 后端
- uni-app/ uni-app跨端前端
- docs/ 设计文档
- docker-compose.yml Docker编排
- nginx/scripts/systemd 运维配置
已完成功能:
- 用户认证 (JWT)
- 智能翻译 + 回复建议
- 营销素材生成
- 客户管理 + 沉默检测
- 报价单管理
- 产品库管理
- 汇率换算
- 推送通知 (uni-push)
- WhatsApp Webhook框架
- Celery定时任务
2026-05-08 18:17:12 +08:00
TradeMate Dev