alai-dev/trade-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c04fa2c19fdd2d978d64a22ed4fb36b5735385ee
trade-assistant/backend
T
History
TradeMate Dev c04fa2c19f T-005: Security hardening - CORS, Rate Limit, CSRF 
- CORS: Restrict allowed origins to specific frontend URLs, limit methods and headers
- Rate Limit: Add fine-grained endpoint-specific rate limits for sensitive operations
  - Login: 5 requests/minute
  - Register: 3 requests/hour
  - Password change: 3 requests/5 minutes
  - Payment: 20 requests/minute
  - Admin: 30 requests/minute
- CSRF: Add CSRF protection middleware with double-submit cookie pattern
  - New app/core/csrf.py module with CSRFMiddleware
  - Require CSRF tokens on sensitive endpoints (auth, payment, profile)
  - Skip webhook endpoints for CSRF validation
- Fix pydantic-settings import in config.py
2026-05-29 10:26:23 +08:00
..
alembic
Add discovery search history with auto-save, fix timeout causing search failure
2026-05-27 15:54:50 +08:00
app
T-005: Security hardening - CORS, Rate Limit, CSRF
2026-05-29 10:26:23 +08:00
certs
feat: WeChat Pay integration, translation quota management, login UX fixes
2026-05-20 18:30:12 +08:00
tests
feat: 修复 H5 底部导航覆盖 + 更新项目进度文档
2026-05-12 20:24:42 +08:00
.env.example
T-005: Security hardening - CORS, Rate Limit, CSRF
2026-05-29 10:26:23 +08:00
alembic.ini
fix: make alembic use env var DATABASE_URL instead of hardcoded dev db
2026-05-14 10:24:50 +08:00
Dockerfile
feat: 修复 H5 底部导航覆盖 + 更新项目进度文档
2026-05-12 20:24:42 +08:00
pytest.ini
Initial commit: TradeMate 外贸小助手 MVP
2026-05-08 18:17:12 +08:00
requirements.txt
Add admin-frontend and user-frontend standalone projects, certification/invoice/discovery features, fix auth header and theme consistency
2026-05-22 18:35:30 +08:00