Your Name
1776862768
refactor(supply-api): remove panic-only helper paths
...
Return explicit errors from AlertAPI construction instead of panicking inside the library layer, and let main own process-level failure handling.
Also delete the unused config.MustLoad helper and lock the supported config loading paths with tests.
2026-04-15 15:38:57 +08:00
Your Name
6d7ef661e6
feat(supply-api): persist audit alerts
2026-04-14 11:52:45 +08:00
Your Name
116eabf427
refactor(httpapi): 统一错误码格式
...
1. 创建 error_codes.go 定义标准化错误码常量
2. 替换所有硬编码错误码为常量引用
3. 修复 goroutine 未传递 context 的问题
错误码格式:
- HTTP 层通用错误: SUP_HTTP_XXXX
- 业务错误码: SUP_XXX_NNNN
修复:
- db_token_backend.go: goroutine 使用 ctx 而非 context.Background()
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-04-12 23:04:59 +08:00
Your Name
d5b5a8ece0
fix: 系统性修复安全问题、性能问题和错误处理
...
安全问题修复:
- X-Forwarded-For越界检查(auth.go)
- checkTokenStatus Context参数传递(auth.go)
- Type Assertion安全检查(auth.go)
性能问题修复:
- TokenCache过期清理机制
- BruteForceProtection过期清理
- InMemoryIdempotencyStore过期清理
错误处理修复:
- AuditStore.Emit返回error
- domain层emitAudit辅助方法
- List方法返回空slice而非nil
- 金额/价格负数验证
架构一致性:
- 统一使用model.RoleHierarchyLevels
新增功能:
- Alert API完整实现(CRUD+Resolve)
- pkg/error错误码集中管理
2026-04-07 07:41:25 +08:00
