小鱼开发
95e55293c6
后端安全: - DEBUG 默认 True → False - 彻底移除 AUTH_BYPASS 认证绕过 - 验证码不再明文打印到日志 - 上传接口增加大小限制(500MB/20MB/100MB)与魔数校验 - python-jose → PyJWT, 更新 requirements.lock/uv.lock - Bandit 恢复关键规则(B104/B301/B305/B314/B324/B603/B607) - 修复 5 处 try_except_pass, 15 处加 nosec 注释 - 启用 Bandit pre-commit 钩子 前端安全: - 配置完整 CSP 策略 - 收紧 Capabilities(fs:allow-read-file → $RESOURCE/**) - 移除硬编码 devToken - 清理前端 TODO(美家卡智影命名统一) 部署修复: - docker-compose.prod 增加 alembic 迁移步骤 - api + scheduler 增加 Redis 心跳健康检查 - Nginx 添加安全响应头 - Nginx client_max_body_size 100M → 500M - .env.example 补充 UPLOAD_MAX_* 配置与安全注释 其他: - /voice/upload 合并到 /upload/audio - Rust 上传增加文件大小检查 - 清理 Rust 19 处 println! + 前端 21 处 console.info - 修复 VideoCompose.tsx toast 未导入(已有bug)
173 lines
3.5 KiB
Plaintext
173 lines
3.5 KiB
Plaintext
# This file was autogenerated by uv via the following command:
|
|
# uv pip compile pyproject.toml -o requirements.lock
|
|
aiohappyeyeballs==2.6.1
|
|
# via aiohttp
|
|
aiohttp==3.13.5
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
aiosignal==1.4.0
|
|
# via aiohttp
|
|
alembic==1.14.1
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
annotated-doc==0.0.4
|
|
# via fastapi
|
|
annotated-types==0.7.0
|
|
# via pydantic
|
|
anyio==4.13.0
|
|
# via
|
|
# httpx
|
|
# openai
|
|
# starlette
|
|
# volcengine-python-sdk
|
|
# watchfiles
|
|
asyncpg==0.30.0
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
attrs==26.1.0
|
|
# via aiohttp
|
|
bcrypt==4.2.1
|
|
# via
|
|
# meijiaka-ai-api (pyproject.toml)
|
|
# passlib
|
|
certifi==2026.4.22
|
|
# via
|
|
# httpcore
|
|
# httpx
|
|
# requests
|
|
# volcengine-python-sdk
|
|
cffi==2.0.0
|
|
# via cryptography
|
|
charset-normalizer==3.4.7
|
|
# via requests
|
|
click==8.3.3
|
|
# via uvicorn
|
|
cryptography==48.0.0
|
|
# via volcengine-python-sdk
|
|
distro==1.9.0
|
|
# via openai
|
|
fastapi==0.136.1
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
frozenlist==1.8.0
|
|
# via
|
|
# aiohttp
|
|
# aiosignal
|
|
greenlet==3.5.0
|
|
# via sqlalchemy
|
|
h11==0.16.0
|
|
# via
|
|
# httpcore
|
|
# uvicorn
|
|
httpcore==1.0.9
|
|
# via httpx
|
|
httptools==0.7.1
|
|
# via uvicorn
|
|
httpx==0.28.1
|
|
# via
|
|
# meijiaka-ai-api (pyproject.toml)
|
|
# openai
|
|
# volcengine-python-sdk
|
|
idna==3.13
|
|
# via
|
|
# anyio
|
|
# httpx
|
|
# requests
|
|
# yarl
|
|
jiter==0.14.0
|
|
# via openai
|
|
mako==1.3.12
|
|
# via alembic
|
|
markupsafe==3.0.3
|
|
# via mako
|
|
multidict==6.7.1
|
|
# via
|
|
# aiohttp
|
|
# yarl
|
|
mutagen==1.47.0
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
openai==1.58.1
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
orjson==3.11.9
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
passlib==1.7.4
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
propcache==0.4.1
|
|
# via
|
|
# aiohttp
|
|
# yarl
|
|
psycopg2-binary==2.9.12
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
pycparser==3.0
|
|
# via cffi
|
|
pydantic==2.9.2
|
|
# via
|
|
# meijiaka-ai-api (pyproject.toml)
|
|
# fastapi
|
|
# openai
|
|
# pydantic-settings
|
|
# volcengine-python-sdk
|
|
pydantic-core==2.23.4
|
|
# via pydantic
|
|
pydantic-settings==2.6.1
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
pyjwt==2.10.1
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
python-dateutil==2.9.0.post0
|
|
# via volcengine-python-sdk
|
|
python-dotenv==1.2.2
|
|
# via
|
|
# pydantic-settings
|
|
# uvicorn
|
|
python-multipart==0.0.27
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
pyyaml==6.0.3
|
|
# via
|
|
# meijiaka-ai-api (pyproject.toml)
|
|
# uvicorn
|
|
qiniu==7.13.2
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
redis==5.2.1
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
requests==2.33.1
|
|
# via qiniu
|
|
six==1.17.0
|
|
# via
|
|
# python-dateutil
|
|
# volcengine-python-sdk
|
|
sniffio==1.3.1
|
|
# via openai
|
|
sqlalchemy==2.0.49
|
|
# via
|
|
# meijiaka-ai-api (pyproject.toml)
|
|
# alembic
|
|
starlette==1.0.0
|
|
# via fastapi
|
|
tenacity==9.0.0
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
tqdm==4.67.3
|
|
# via openai
|
|
typing-extensions==4.15.0
|
|
# via
|
|
# alembic
|
|
# fastapi
|
|
# openai
|
|
# pydantic
|
|
# pydantic-core
|
|
# sqlalchemy
|
|
# typing-inspection
|
|
typing-inspection==0.4.2
|
|
# via fastapi
|
|
urllib3==2.7.0
|
|
# via
|
|
# requests
|
|
# volcengine-python-sdk
|
|
uvicorn==0.32.1
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
uvloop==0.22.1
|
|
# via uvicorn
|
|
volcengine-python-sdk==5.0.26
|
|
# via meijiaka-ai-api (pyproject.toml)
|
|
watchfiles==1.1.1
|
|
# via uvicorn
|
|
websockets==16.0
|
|
# via uvicorn
|
|
yarl==1.23.0
|
|
# via aiohttp
|