TradeMate Dev 13e3992d4c fix: security and code quality improvements ...

Security fixes:
- Add file upload size limits (10MB) for customer and product imports
- Add XLSX file validation with row limits and magic byte checking
- Implement password validation (min 6 chars) in registration
- Add rate limiting for guest login (5 per IP per 15 minutes)
- Sanitize error messages to prevent information leakage
- Fix XSS vulnerability by removing unsafe v-html usage
- Enforce WhatsApp webhook signature verification
- Add SSRF protection with URL validation and IP blocking
- Fix marketing endpoints to use proper authentication

Code quality improvements:
- Create shared utility functions for UUID validation and string sanitization
- Remove duplicate UUID validation code from admin modules
- Remove dead code (pass statement in translation.py)
- Fix aliyun SDK import compatibility

2026-06-11 17:54:07 +08:00

..

public/images

refactor: replace direct WeChat/Alipay with unified pay-api gateway

2026-05-29 18:36:50 +08:00

src

feat: AI routing DB-driven, payment gateway full integration, WeChat mini-program CI/CD

2026-06-09 17:19:45 +08:00

index.html

Add admin-frontend and user-frontend standalone projects, certification/invoice/discovery features, fix auth header and theme consistency

2026-05-22 18:35:30 +08:00

package-lock.json

fix: security and code quality improvements

2026-06-11 17:54:07 +08:00

package.json

fix: security and code quality improvements

2026-06-11 17:54:07 +08:00

vite.config.js

chore: post-deployment cleanup and docs update

2026-06-02 15:40:02 +08:00