niuniu/lijiaoqiao
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 系统性修复安全问题、性能问题和错误处理

Browse Source 
安全问题修复:
- X-Forwarded-For越界检查(auth.go)
- checkTokenStatus Context参数传递(auth.go)
- Type Assertion安全检查(auth.go)

性能问题修复:
- TokenCache过期清理机制
- BruteForceProtection过期清理
- InMemoryIdempotencyStore过期清理

错误处理修复:
- AuditStore.Emit返回error
- domain层emitAudit辅助方法
- List方法返回空slice而非nil
- 金额/价格负数验证

架构一致性:
- 统一使用model.RoleHierarchyLevels

新增功能:
- Alert API完整实现(CRUD+Resolve)
- pkg/error错误码集中管理
This commit is contained in:
Your Name
2026-04-07 07:41:25 +08:00
parent 12ce4913cd
commit d5b5a8ece0
21 changed files with 2321 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
supply-api/internal/domain/account.go
View File

@@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
"log"
"net/netip"
"time"
@@ -141,6 +142,14 @@ func NewAccountService(store AccountStore, auditStore audit.AuditStore) AccountS
return &accountService{store: store, auditStore: auditStore}
}
// emitAudit 安全记录审计日志(失败只记录错误,不影响主流程)
func (s *accountService) emitAudit(ctx context.Context, event audit.Event) {
if err := s.auditStore.Emit(ctx, event); err != nil {
log.Printf("[AUDIT_ERROR] failed to emit audit event: %v, object_type=%s, object_id=%d, action=%s",
err, event.ObjectType, event.ObjectID, event.Action)
}
}
func (s *accountService) Verify(ctx context.Context, supplierID int64, provider Provider, accountType AccountType, credential string) (*VerifyResult, error) {
// 开发阶段:模拟验证逻辑
result := &VerifyResult{
@@ -181,7 +190,7 @@ func (s *accountService) Create(ctx context.Context, req *CreateAccountRequest)
}
// 记录审计日志
s.auditStore.Emit(ctx, audit.Event{
s.emitAudit(ctx, audit.Event{
TenantID: req.SupplierID,
ObjectType: "supply_account",
ObjectID: account.ID,
@@ -210,7 +219,7 @@ func (s *accountService) Activate(ctx context.Context, supplierID, accountID int
return nil, err
}
s.auditStore.Emit(ctx, audit.Event{
s.emitAudit(ctx, audit.Event{
TenantID: supplierID,
ObjectType: "supply_account",
ObjectID: accountID,
@@ -239,7 +248,7 @@ func (s *accountService) Suspend(ctx context.Context, supplierID, accountID int6
return nil, err
}
s.auditStore.Emit(ctx, audit.Event{
s.emitAudit(ctx, audit.Event{
TenantID: supplierID,
ObjectType: "supply_account",
ObjectID: accountID,
@@ -260,7 +269,7 @@ func (s *accountService) Delete(ctx context.Context, supplierID, accountID int64
return errors.New("SUP_ACC_4092: cannot delete active accounts")
}
s.auditStore.Emit(ctx, audit.Event{
s.emitAudit(ctx, audit.Event{
TenantID: supplierID,
ObjectType: "supply_account",
ObjectID: accountID,