alai-dev/trade-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c04fa2c19fdd2d978d64a22ed4fb36b5735385ee
trade-assistant/backend/app
T
History
TradeMate Dev c04fa2c19f T-005: Security hardening - CORS, Rate Limit, CSRF 
- CORS: Restrict allowed origins to specific frontend URLs, limit methods and headers
- Rate Limit: Add fine-grained endpoint-specific rate limits for sensitive operations
  - Login: 5 requests/minute
  - Register: 3 requests/hour
  - Password change: 3 requests/5 minutes
  - Payment: 20 requests/minute
  - Admin: 30 requests/minute
- CSRF: Add CSRF protection middleware with double-submit cookie pattern
  - New app/core/csrf.py module with CSRFMiddleware
  - Require CSRF tokens on sensitive endpoints (auth, payment, profile)
  - Skip webhook endpoints for CSRF validation
- Fix pydantic-settings import in config.py
2026-05-29 10:26:23 +08:00
..
ai
fix(T-002): remove sensitive info from logs
2026-05-29 08:29:06 +08:00
api
T-005: Security hardening - CORS, Rate Limit, CSRF
2026-05-29 10:26:23 +08:00
core
T-005: Security hardening - CORS, Rate Limit, CSRF
2026-05-29 10:26:23 +08:00
models
Add discovery search history with auto-save, fix timeout causing search failure
2026-05-27 15:54:50 +08:00
services
fix(T-002): remove sensitive info from logs
2026-05-29 08:29:06 +08:00
workers
feat: 修复 H5 底部导航覆盖 + 更新项目进度文档
2026-05-12 20:24:42 +08:00
__init__.py
Initial commit: TradeMate 外贸小助手 MVP
2026-05-08 18:17:12 +08:00
celery_app.py
feat: 修复 H5 底部导航覆盖 + 更新项目进度文档
2026-05-12 20:24:42 +08:00
config.py
T-005: Security hardening - CORS, Rate Limit, CSRF
2026-05-29 10:26:23 +08:00
database.py
Initial commit: TradeMate 外贸小助手 MVP
2026-05-08 18:17:12 +08:00
main.py
T-005: Security hardening - CORS, Rate Limit, CSRF
2026-05-29 10:26:23 +08:00