long-agent
0795e126cc
fix: resolve P0 security issues per governance baseline

P0-01: LIKE injection fix in device.go (2 locations)
- Added escapeLikePattern() to prevent LIKE pattern manipulation

P0-03: Token refresh blacklist fail-closed
- RefreshToken() now returns error if cache.Set fails
- Prevents token double-spend on cache failures

P0-05: CORS dangerous default configuration
- Default changed to empty origins, credentials off
- init() panics if default config is dangerous

P0-06: UpdateUser IDOR vulnerability fix
- Added authorization check (self-or-admin)
- Prevents unauthorized user profile modification

Also: Fixed frontend lint errors in device-fingerprint.test.ts and http/index.test.ts
All 518 frontend tests pass, all backend tests pass.
2026-04-18 09:32:54 +08:00
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00