124 Commits

Author SHA1 Message Date
Your Name
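ecfde0e887 P4-D: secret governance and KMS wording cleanup
domain/account.go: CredentialKMSKeyAlias → CredentialKeyAlias + explanatory comment (not KMS)
repository/account.go: field mapping updated to match (SQL column name credential_kms_key_alias kept unchanged to avoid a migration)
security/kms_service.go: add a module-level header comment distinguishing local encryption from a real KMS service, and making clear that ProviderType="local" is the local implementation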
2026-04-21 20:32:31 +08:00
Your Name
07614339cb P4-C: IAM closed loop - SubjectID audit injection / Scope-UserType match validation
audit.Event: add OperatorID field + WithSubjectID/EnrichEventWithSubjectID helper functions
domain service: EnrichEventWithSubjectID injected into emitAudit in all three of account/package/settlement
WithIAMClaims: auth middleware also injects SubjectID into the audit context
scope model: add ValidateUserTypeScopeMatch function (supply users cannot use consumer:* scopes)
scope_auth: add RequireScopeWithUserType middleware + ValidateScopeCodeMatch
scope_usertype_test: cover the 403 rejection scenario where supply accesses consumer resources across tenants
docs: 2026-04-21-iam-tenant-operator-scope-analysis.md complete closed-loop analysis
2026-04-21 20:29:48 +08:00
Your Name
8c5ab32e2e P3-D: supply-api background worker shutdown discipline - partition maintenance cancellation / outbox graceful stop 2026-04-21 18:53:01 +08:00
Your Name
e249a9160b P3-C: unify observability surface across the three services - unified metrics endpoint / health check aliases / traceID pass-through
Gateway:
- remote_runtime.go: P3-C-08 pass X-Request-Id through from the request context to platform-token-runtime

Supply-api:
- new internal/metrics/metrics.go: HTTP request count / latency / token issuance / worker queue metrics (Prometheus-text)
- new internal/metrics/metrics_test.go: covered by 6 tests
- bootstrap.go: register /metrics (P3-C-01/04) and the /health, /healthz aliases (P3-C-05)

Platform-token-runtime:
- bootstrap.go: add /health and /livez aliases (P3-C-05)

/metrics unified to text/plain; version=0.0.4 across the three services
/health endpoint alias unified across the three services
Gateway → platform-token-runtime passes the trace ID through
2026-04-21 18:40:43 +08:00
Your Name
c59204049a docs(ci): define cross-service smoke taxonomy 2026-04-21 09:38:37 +08:00
Your Name
b3e34c6e36 feat(ci): normalize shared environment semantics 2026-04-21 09:34:29 +08:00
Your Name
c5de0220a0 docs(plan): align service authority boundaries
Update the supply-api and platform-token-runtime READMEs to reflect the single token authority model, record the changes in the execution log, and mark P1-A-07 and P1-A-08 complete in the master plan.
2026-04-21 09:03:05 +08:00
Your Name
eab029a05c fix(supply-api): classify handler failures by error type 2026-04-20 16:24:24 +08:00
Your Name
a1555c0127 fix(iam): omit missing grantor foreign key 2026-04-20 16:18:32 +08:00
Your Name
79d9b872f6 fix(iam): write nullable inet fields correctly 2026-04-20 16:16:52 +08:00
Your Name
a109a6836f fix(iam): tolerate nullable db-backed role fields 2026-04-20 16:14:12 +08:00
Your Name
566169687a fix(iam): allow wildcard scope in schema seed 2026-04-20 16:11:26 +08:00
Your Name
319d9e1989 fix(supply-api): realign audit event persistence contract 2026-04-20 11:50:20 +08:00
Your Name
1c088e2dd4 fix(supply-api): restore package lifecycle ownership semantics 2026-04-20 11:36:07 +08:00
Your Name
00ff6363bd fix(supply-api): align account lifecycle optimistic locking 2026-04-20 11:22:18 +08:00
Your Name
50f0cc8606 fix(supply-api): restore package create insert contract 2026-04-20 11:16:14 +08:00
Your Name
9dba094183 fix(supply-api): restore db-backed idempotency locking 2026-04-20 11:10:35 +08:00
Your Name
414ecbb08c fix(token-runtime): preserve fingerprint on refresh and revoke 2026-04-20 10:47:59 +08:00
Your Name
0d81a53b7a docs: summarize remediation lessons and refresh project standards 2026-04-17 22:37:19 +08:00
Your Name
49738f2119 test(supply-api): disable cache in integration runner 2026-04-17 22:10:34 +08:00
Your Name
f48fca565b docs(sql): clarify active schema boundaries and status constraints 2026-04-17 20:12:05 +08:00
Your Name
cccb76b72b feat(supply-api): make withdraw readiness depend on sms wiring 2026-04-17 19:26:20 +08:00
Your Name
9bb1d6ce3e feat(supply-api): gate and wire iam routes explicitly 2026-04-17 19:19:37 +08:00
Your Name
9279e65cd7 fix(supply-api): make compensation executor fail closed 2026-04-17 19:15:45 +08:00
Your Name
2e0f6e29aa fix(supply-api): restore uncached build health 2026-04-17 16:20:34 +08:00
Your Name
ad776e4079 fix: P0/P1 security fixes across gateway, token-runtime, and supply-api
P0 fixes:
- platform-token-runtime: Add store.Save() after Refresh token update (P0-3)
- platform-token-runtime: Add sync.RWMutex to InMemoryRuntimeStore (P0-4)
- platform-token-runtime: Add bearer token auth to /audit-events endpoint (P0-5)
- gateway: Fail startup in production if PASSWORD_ENCRYPTION_KEY uses default (P0-1)
- gateway: Require explicit CORS_ALLOW_ORIGINS in production (P0-2)

P1 fixes:
- gateway: Add TrustedProxies config field + env var GATEWAY_TRUSTED_PROXIES (P1-5)
- gateway: Sanitize X-Request-ID header to prevent log injection (P1-6)
- gateway: Strip internal error details from error responses to clients (P1-7)
- supply-api: Upgrade deriveDEK from trivial byte-rotation to HKDF-SHA256 (P1-1)
- supply-api: Reject HS256/HS384/HS512 in production, require RSA (P1-2)

Code quality fixes:
- supply-api: Add BruteForceMaxAttempts + BruteForceLockoutDuration to AuthConfig (MED-12)
- supply-api: Add TrustedProxies to token_auth_middleware (IP spoofing protection)
- supply-api: Use shared pathutil.SplitPath instead of duplicate splitPath
- supply-api: Fix query_key_reject_middleware call sites with trustedProxies param
- gateway: Wire TrustedProxies into AuthMiddlewareConfig and extractClientIP
- gateway: Add CORSAllowOrigins to AuthConfig, wire into CORSMiddleware
- gateway: Fix CompletionsHandle to have context and RecordResult like ChatCompletions
- gateway: Add sanitizeRequestID helper for X-Request-ID log injection prevention
- gateway: Add os import for PASSWORD_ENCRYPTION_KEY check
- gateway: Add strings import to handler.go for sanitizeRequestID

Environment issues documented in TEST_ENVIRONMENT_ISSUES.md
2026-04-17 14:36:02 +08:00
Your Name
6f35b3e1ad refactor(supply-api): slim runtime constructor prelude 2026-04-16 15:38:29 +08:00
Your Name
8eab2a10f7 refactor(supply-api): reduce runtime aggregation density 2026-04-16 12:03:57 +08:00
Your Name
7e945868a5 refactor(supply-api): narrow runtime background surface 2026-04-16 11:38:56 +08:00
Your Name
45029b44d1 refactor(supply-api): narrow runtime http surface 2026-04-16 09:07:28 +08:00
Your Name
44780d1d29 refactor(supply-api): declarify runtime http adapter 2026-04-16 07:45:47 +08:00
Your Name
df8d73b4e3 refactor(supply-api): declarify bootstrap server assembly 2026-04-16 07:24:13 +08:00
Your Name
b9b875ac39 refactor(supply-api): split bootstrap http assembly 2026-04-16 07:11:33 +08:00
Your Name
39c4a11ff9 refactor(supply-api): split runtime store bundle builders 2026-04-15 23:27:11 +08:00
Your Name
22575bdd82 refactor(supply-api): split background startup helpers 2026-04-15 22:58:12 +08:00
Your Name
6e5a36bda1 refactor(supply-api): split runtime assembly helpers 2026-04-15 22:31:50 +08:00
Your Name
56cb40c1f9 refactor(supply-api): normalize app server defaults 2026-04-15 21:54:49 +08:00
Your Name
bec2a7bd1d refactor(supply-api): precheck main env before config load 2026-04-15 20:14:59 +08:00
Your Name
5ae0861fc3 refactor(supply-api): guard unsupported env values 2026-04-15 19:24:20 +08:00
Your Name
d348d5a2c6 refactor(supply-api): normalize runtime startup defaults 2026-04-15 19:12:27 +08:00
Your Name
6940ff52b6 refactor(supply-api): layer runtime startup flow 2026-04-15 18:42:06 +08:00
Your Name
bdacc4452c refactor(supply-api): deduplicate bootstrap assembly 2026-04-15 17:30:10 +08:00
Your Name
1776862768 refactor(supply-api): remove panic-only helper paths
Return explicit errors from AlertAPI construction instead of panicking inside the library layer, and let main own process-level failure handling.

Also delete the unused config.MustLoad helper and lock the supported config loading paths with tests.
2026-04-15 15:38:57 +08:00
Your Name
0c370e9353 refactor(domain): simplify outbox retry policy
Reduce the domain outbox surface to the shared retry/backoff contract that is actually consumed by the runtime layer.

Also make batch compensation processing pick up retrying records explicitly and cover that path with tests.
2026-04-15 10:44:05 +08:00
Your Name
567446bb25 test(repo): cover untested core packages 2026-04-15 10:17:32 +08:00
Your Name
98b1c2a86f chore(supply-api): refresh idempotency bootstrap comments
Update stale main.go comments so they match the current single-path idempotency behavior and no longer describe the removed inline fallback path.
2026-04-14 12:35:01 +08:00
Your Name
88d842648d chore(repo): align integrity entrypoints with current state
Rewrite module READMEs around the current verified run and test paths, tighten repo_integrity_check.sh with fact-source checks, update supply-api migration baseline, and remove the platform-token-runtime audit query placeholder response.
2026-04-14 12:29:13 +08:00
Your Name
ab0b0cc031 fix(supply-api): close sms verify and audit flush gaps
Use a shared in-memory code store across mock, Tencent, and Aliyun SMS services so send and verify follow the same contract. Also surface batch flush failures through FlushNow and explicit error tracking hooks for audit buffering.
2026-04-14 12:22:10 +08:00
Your Name
ad8d4bda9e feat(supply-api): align schema with repository contract 2026-04-14 12:13:36 +08:00
Your Name
55a6e7424a refactor(supply-api): remove inline idempotency fallback 2026-04-14 12:00:17 +08:00