txai-dev/zhiyin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

代码评审 & 安全修复

Browse Source 
后端:
- 创建 AdminGuard 替代 12 处手动 role 查库检查,统一用 JWT payload 中的 role
- 密码字段 select: false,所有需密码的查询显式 select('+password')
- 文件上传接口移除 @Public(),需 JWT 认证
- 管理员搜索关键词限长 50 字符防 ReDoS
- CORS 收窄,不再对非生产环境放行所有源
- postbuild 复制 certs 路径同步到 dist/src/certs
- package.json main/start:prod 路径更新为 dist/src/main

前端:
- resume.vue 文件上传补充 Authorization header
- login.vue 移除含用户邮箱的 console.log 日志
This commit is contained in:
yuzhiran
2026-06-11 19:55:10 +08:00
parent f7da843d56
commit 6dfb6bef48
14 changed files with 61 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files
zhiyin-app/src/pages/login/login.vue
-3
View File
@@ -182,17 +182,14 @@ const sendEmailCode = () => {
if (cooldown.value > 0) { showToast('请稍后再试'); return }
const re = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
if (!re.test(email.value)) { showToast('请输入正确的邮箱'); return }
console.log('[sendEmailCode] 发送中,email:', email.value)
uni.request({
url: api('/user/send-email-code'),
method: 'POST',
header: { 'Content-Type': 'application/json' },
data: { email: email.value },
success: (res) => {
console.log('[sendEmailCode] success res:', JSON.stringify(res))
if (res.statusCode === 200) {
emailSent.value = true
console.log('[sendEmailCode] emailSent 设为 true')
showToast('验证码已发送', 'success')
startCooldown()
} else {
zhiyin-app/src/pages/resume/resume.vue
+2 -2
View File
@@ -252,7 +252,7 @@ const uploadMpFile = async (filePath, name) => {
fileName.value = name
uploading.value = true
try {
const res = await uni.uploadFile({ url: api('/upload'), filePath, name: 'file' })
const res = await uni.uploadFile({ url: api('/upload'), filePath, name: 'file', header: { 'Authorization': `Bearer ${token()}` } })
const data = JSON.parse(res.data)
if (res.statusCode === 200) {
resumeText.value = data.text
@@ -271,7 +271,7 @@ const onFileSelected = async (e) => {
try {
const formData = new FormData()
formData.append('file', file)
const res = await fetch(api('/upload'), { method: 'POST', body: formData })
const res = await fetch(api('/upload'), { method: 'POST', headers: { 'Authorization': `Bearer ${token()}` }, body: formData })
const data = await res.json()
if (res.ok) {
resumeText.value = data.text