fix: P0/P1 security and quality fixes

P0-01: Add ESCAPE clause to LIKE queries in operation_log.go and device.go P0-02: Add atomic Increment to L1Cache and L2Cache interfaces P0-07: Add TOTP verification step after password login P1-01: Sanitize error messages in error.go middleware P1-03: Remove err.Error() from export error messages P1-04: Add error return to CountByResultSince in login_log.go P1-05: Add transactional DeleteCascade to RoleRepository P1-06: Add PasswordChangedAt tracking for JWT token invalidation P1-07: Wrap theme SetDefault in database transaction P1-08: Use config values for database pool parameters P1-09: Add rows.Err() checks in social_account_repo.go P1-10: Validate sortOrder with map in user.go ORDER BY P1-11: Add GORM tags to Announcement struct P1-15: Add pageSize upper limit (100) to device and log handlers
2026-04-18 15:33:12 +08:00
parent 9d7abb8a46
commit 8095307d82
23 changed files with 186 additions and 86 deletions
--- a/internal/domain/announcement.go
+++ b/internal/domain/announcement.go
@@ -200,18 +200,18 @@ func (c AnnouncementCondition) validate() error {
 }

 type Announcement struct {
-	ID         int64
-	Title      string
-	Content    string
-	Status     string
-	NotifyMode string
-	Targeting  AnnouncementTargeting
-	StartsAt   *time.Time
-	EndsAt     *time.Time
-	CreatedBy  *int64
-	UpdatedBy  *int64
-	CreatedAt  time.Time
-	UpdatedAt  time.Time
+	ID         int64                `gorm:"primaryKey;autoIncrement" json:"id"`
+	Title      string               `gorm:"type:varchar(255);not null" json:"title"`
+	Content    string               `gorm:"type:text;not null" json:"content"`
+	Status     string               `gorm:"type:varchar(20);default:draft;index" json:"status"`
+	NotifyMode string               `gorm:"type:varchar(20);default:silent" json:"notify_mode"`
+	Targeting  AnnouncementTargeting `gorm:"type:text" json:"targeting"`
+	StartsAt   *time.Time           `gorm:"type:datetime" json:"starts_at,omitempty"`
+	EndsAt     *time.Time           `gorm:"type:datetime" json:"ends_at,omitempty"`
+	CreatedBy  *int64               `json:"created_by,omitempty"`
+	UpdatedBy  *int64               `json:"updated_by,omitempty"`
+	CreatedAt  time.Time            `gorm:"autoCreateTime" json:"created_at"`
+	UpdatedAt  time.Time            `gorm:"autoUpdateTime" json:"updated_at"`
 }

 func (a *Announcement) IsActiveAt(now time.Time) bool {
--- a/internal/domain/user.go
+++ b/internal/domain/user.go
@@ -62,6 +62,9 @@ type User struct {
 	TOTPEnabled       bool   `gorm:"default:false" json:"totp_enabled"`
 	TOTPSecret        string `gorm:"type:varchar(64)" json:"-"` // Base32 密钥，不返回给前端
 	TOTPRecoveryCodes string `gorm:"type:text" json:"-"`        // JSON 编码的恢复码列表
+
+	// PasswordChangedAt 密码更新时间，用于 token 失效机制
+	PasswordChangedAt time.Time `gorm:"type:timestamp;index" json:"password_changed_at,omitempty"`
 }

 // TableName 指定表名