TradeMate Dev
|
d2736d1ef6
|
feat: AI routing DB-driven, payment gateway full integration, WeChat mini-program CI/CD
- AI routing rules now stored in system_configs DB table instead of hardcoded config
- Multi-model support via name|model composite key for same-provider routing
- UnifiedPayService with HMAC-SHA256 gateway integration (alipay/wechat)
- Admin payment panel: list, stats, search, filter, refund
- WeChat mini-program CI/CD via miniprogram-ci (v1.0.9)
- Translation quota extended to LLM provider tier
- SearchService with DB-driven provider config (bing/google_cse/searxng)
- Footer cleanup across admin/workspace/uni-app
- Private key excluded from git tracking
|
2026-06-09 17:19:45 +08:00 |
|
TradeMate Dev
|
3e39cf0170
|
refactor: replace direct WeChat/Alipay with unified pay-api gateway
Switch from direct WeChat Pay / Alipay integrations to the unified
宇之然 pay-api gateway (HMAC-SHA256 auth). Removes wechat_pay.py,
keeps PaymentGateway abstraction, adds UnifiedPayService. Simplifies
payment.py create_order to {plan, pay_type} params. Single webhook
endpoint replaces separate WeChat/Alipay notify handlers.
|
2026-05-29 18:36:50 +08:00 |
|
TradeMate Dev
|
c04fa2c19f
|
T-005: Security hardening - CORS, Rate Limit, CSRF
- CORS: Restrict allowed origins to specific frontend URLs, limit methods and headers
- Rate Limit: Add fine-grained endpoint-specific rate limits for sensitive operations
  - Login: 5 requests/minute
  - Register: 3 requests/hour
  - Password change: 3 requests/5 minutes
  - Payment: 20 requests/minute
  - Admin: 30 requests/minute
- CSRF: Add CSRF protection middleware with double-submit cookie pattern
  - New app/core/csrf.py module with CSRFMiddleware
  - Require CSRF tokens on sensitive endpoints (auth, payment, profile)
  - Skip webhook endpoints for CSRF validation
- Fix pydantic-settings import in config.py
|
2026-05-29 10:26:23 +08:00 |
|