Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
635025d
feat(db): 新增 users 表迁移 —— 多用户登录账号落库
mirror29 Jul 2, 2026
a643600
feat(paper): /auth/login 端点 + argon2 密码校验 + create_user 脚本
mirror29 Jul 2, 2026
e953fc7
feat(orchestration): tool 打后端时转发登录用户 sub,agent 写操作按用户隔离
mirror29 Jul 2, 2026
f53d1b3
feat(dashboard): 登录会话 + 登录页 + 中间件鉴权 + subject 从 session 派生
mirror29 Jul 2, 2026
a030c50
chore(infra): AUTH_ENABLED 开关(本地免登录/线上强制) + compose 注入
mirror29 Jul 2, 2026
da87c65
fix(orchestration): pending-plan 护栏按登录用户查 + 补 resolveRequestToken 单测
mirror29 Jul 2, 2026
cecade7
feat(paper): /auth/login 加按邮箱失败节流(抗在线爆破)
mirror29 Jul 2, 2026
577aa09
fix(dashboard): 登录 429 透传 —— 被限流时提示'尝试过于频繁'而非'服务不可用'
mirror29 Jul 2, 2026
c816cdd
fix(paper): 登录节流表改 LRU 淘汰,堵住'刷万级邮箱清表'绕过
mirror29 Jul 2, 2026
cde5ba9
fix(dashboard): chat 会话读/改按 owner 校验,堵越权(IDOR)
mirror29 Jul 2, 2026
a391def
fix(paper): 登录失败节流 check+record 原子化,堵并发爆破
mirror29 Jul 2, 2026
5e8164a
test(dashboard): 搭最小 vitest + ownsThread 越权(IDOR)回归测试
mirror29 Jul 2, 2026
fd4560e
ci(dashboard): CI 跑 pnpm test(vitest),让 ownsThread 回归真正生效
mirror29 Jul 2, 2026
b794f21
fix(dashboard,shared): session token 加 token_use + 后端拒收 session 凭据
mirror29 Jul 2, 2026
528ad89
fix(paper): 登录邮箱 strip 口径统一(节流 key / DB 查询 / 建号存储一致)
mirror29 Jul 2, 2026
4e176e2
test(orchestration): 证 mastra Memory 按 resourceId 隔离 thread(#130 回归守卫)
mirror29 Jul 2, 2026
b321a6c
fix(dashboard): 生产强制开登录(AUTH_ENABLED fail-safe)
mirror29 Jul 2, 2026
d336146
fix(paper): 多 worker 启动报警(登录节流/live runner 单进程假设)
mirror29 Jul 2, 2026
3d3cb68
fix(paper): create_user 密码改 getpass/stdin,不留痕
mirror29 Jul 2, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ JWT_SECRET=please-change-me-32-chars-minimum-xxxx
JWT_ALGORITHM=HS256
LOG_LEVEL=INFO

# 多用户登录开关:dashboard 读。false/不设(本地)=不登录回落 CONSOLE_SUBJECT;
# true(线上)=强制登录。账号存 DB(users 表),用 services/paper/scripts/create_user.py 种入。
AUTH_ENABLED=false


# ───── 2. Service URLs & ports(本地默认) ─────────────────
DATA_SERVICE_URL=http://localhost:8001
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,8 @@ jobs:
run: pnpm install --frozen-lockfile
- name: Type check
run: pnpm typecheck
- name: Unit tests
run: pnpm test
- name: Build (Next.js dynamic app)
run: pnpm build

Expand Down
3 changes: 3 additions & 0 deletions apps/dashboard/.env.local.example
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@
# CONSOLE_SUBJECT=console:dev
# CONSOLE_EMAIL=console@inalpha.dev

# ── 多用户登录。默认关;本地联调登录闸门再设 true(需先 migrate 建 users 表 + create_user)──
# AUTH_ENABLED=false

# ── 指向远端 / 非默认端口的后端 ──
# PAPER_SERVICE_URL=http://127.0.0.1:8002
# DATA_SERVICE_URL=http://127.0.0.1:8001
Expand Down
3 changes: 2 additions & 1 deletion apps/dashboard/messages/en.json
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@
"menu": "Menu",
"close": "Close",
"collapse": "Collapse sidebar",
"expand": "Expand sidebar"
"expand": "Expand sidebar",
"logout": "Sign out"
},
"theme": {
"label": "Theme",
Expand Down
3 changes: 2 additions & 1 deletion apps/dashboard/messages/zh.json
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@
"menu": "菜单",
"close": "关闭",
"collapse": "收起侧边栏",
"expand": "展开侧边栏"
"expand": "展开侧边栏",
"logout": "登出"
},
"theme": {
"label": "主题",
Expand Down
6 changes: 4 additions & 2 deletions apps/dashboard/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@
"dev": "next dev -p 3001",
"build": "next build",
"start": "next start -p 3001",
"typecheck": "tsc --noEmit"
"typecheck": "tsc --noEmit",
"test": "vitest run"
},
"dependencies": {
"@ag-ui/mastra": "^1.0.3",
Expand Down Expand Up @@ -45,6 +46,7 @@
"@types/react-dom": "^19.2.3",
"postcss": "^8.5.15",
"tailwindcss": "^4.3.0",
"typescript": "^6.0.3"
"typescript": "^6.0.3",
"vitest": "^4.1.7"
}
}
Loading
Loading