小鱼开发
95e55293c6
后端安全: - DEBUG 默认 True → False - 彻底移除 AUTH_BYPASS 认证绕过 - 验证码不再明文打印到日志 - 上传接口增加大小限制(500MB/20MB/100MB)与魔数校验 - python-jose → PyJWT, 更新 requirements.lock/uv.lock - Bandit 恢复关键规则(B104/B301/B305/B314/B324/B603/B607) - 修复 5 处 try_except_pass, 15 处加 nosec 注释 - 启用 Bandit pre-commit 钩子 前端安全: - 配置完整 CSP 策略 - 收紧 Capabilities(fs:allow-read-file → $RESOURCE/**) - 移除硬编码 devToken - 清理前端 TODO(美家卡智影命名统一) 部署修复: - docker-compose.prod 增加 alembic 迁移步骤 - api + scheduler 增加 Redis 心跳健康检查 - Nginx 添加安全响应头 - Nginx client_max_body_size 100M → 500M - .env.example 补充 UPLOAD_MAX_* 配置与安全注释 其他: - /voice/upload 合并到 /upload/audio - Rust 上传增加文件大小检查 - 清理 Rust 19 处 println! + 前端 21 处 console.info - 修复 VideoCompose.tsx toast 未导入(已有bug)
56 lines
1.1 KiB
JSON
56 lines
1.1 KiB
JSON
{
|
|
"$schema": "../gen/schemas/desktop-schema.json",
|
|
"identifier": "default",
|
|
"description": "Capability for the main window",
|
|
"windows": ["main"],
|
|
"permissions": [
|
|
"core:default",
|
|
"opener:default",
|
|
{
|
|
"identifier": "opener:allow-open-path",
|
|
"allow": [
|
|
{ "path": "$APPLOCALDATA/**" },
|
|
{ "path": "$APPDATA/**" },
|
|
{ "path": "$APPCONFIG/**" },
|
|
{ "path": "$RESOURCE/**" },
|
|
{ "path": "/**" }
|
|
]
|
|
},
|
|
"shell:default",
|
|
"shell:allow-spawn",
|
|
"fs:default",
|
|
"fs:allow-app-read-recursive",
|
|
"fs:allow-app-write-recursive",
|
|
{
|
|
"identifier": "fs:allow-read-file",
|
|
"allow": [
|
|
{
|
|
"path": "$RESOURCE/**"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"identifier": "fs:allow-exists",
|
|
"allow": [
|
|
{
|
|
"path": "$APPLOCALDATA/**"
|
|
},
|
|
{
|
|
"path": "$APPDATA/**"
|
|
},
|
|
{
|
|
"path": "$APPCONFIG/**"
|
|
},
|
|
{
|
|
"path": "$RESOURCE/**"
|
|
},
|
|
{
|
|
"path": "/**"
|
|
}
|
|
]
|
|
},
|
|
"dialog:default",
|
|
"dialog:allow-open"
|
|
]
|
|
}
|