wangdl
b5de001dbb
fix: FileUploadRateLimit 10→200/小时,支持批量上传
...
Deploy API Server / build-and-deploy (push) Successful in 43s
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 22:41:56 +08:00
wangdl
b9e6055400
fix: H0-01 彻底阻断生产环境 mock + 结构化错误码 + iOS Auth 合同文档
...
Deploy API Server / build-and-deploy (push) Successful in 41s
- apple-auth.service.ts: verifyIdentityToken 增加 NODE_ENV 检查,
生产环境缺 APPLE_BUNDLE_ID 时运行时返回 401,不再走 mock
- 新增 CAPIErrorCode 语义错误码体系 (src/common/errors/)
- 新增 CapiException 携带 errorCode 的 HttpException 子类
- GlobalExceptionFilter 响应自动包含 errorCode 字段
- AuthService/JwtAuthGuard/AppleAuthService 全部改用 CapiException
- 新增 LoginResponseDto/RefreshResponseDto/LogoutResponseDto/UserDto
- Auth controller Swagger 添加 type 参数
- 新增 docs/ios-auth-api-contract.md
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 21:03:15 +08:00
6a13edc7fb
feat: H0 milestone — iOS integration blocking fixes
...
Deploy API Server / build-and-deploy (push) Successful in 44s
H0-01: Reject Apple login mock fallback in production
H0-02: Protect /internal/* with InternalAuthGuard (X-Internal-API-Key)
H0-03: JwtAuthGuard check user status (deletedAt, status)
H0-04: Refresh token check user status + revoke all on deleted
H0-05: User/admin JWT isolation (type=user/admin, enforce ADMIN_JWT_ACCESS_SECRET)
H0-06: Add DTOs for import/source/learning-session controllers
H0-07: 22 E2E tests (h0.e2e-spec.ts), 5 iOS integration docs
Tests: 47/47 (H0 22 + M0 25), no regression.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-25 16:55:04 +08:00
2bfa9ad7c3
fix: M3 audit — scheduleState persistence, AI→ReviewCard subscriber, ActiveRecall queue, streak bug, domain events
...
Deploy API Server / build-and-deploy (push) Successful in 41s
- M3-02: Add scheduleState to ReviewCard model + persist in updateCard/insertCard
- M3-02: Add ReviewCardSubscriber (OnEvent 'ai.analysis.completed' → generateCards)
- M3-02: Add AdminReviewController (GET /admin-api/reviews)
- M3-01: ActiveRecall now enqueues via AiAnalysisService instead of direct workflow call
- M3-01: FocusItem model adds source field, worker uses status:'open'
- M3-03: Fix streak calculation (break on gap), add StreakUpdatedEvent/DailyGoalAchievedEvent
- M3-03: Add LearningGoal/StreakRecord/LearningStats to Prisma schema
- M3-03: Fix FocusItem recommendation query (status:'pending' → 'open')
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-24 16:17:34 +08:00
8e5d722a1e
feat: M3-04/05/06 — Workspace Experience, Notification, Cache Module
...
Deploy API Server / build-and-deploy (push) Successful in 44s
M3-04: RecentItem/Favorite/SearchHistory models, Tag CRUD, global search, workspace dashboard
M3-05: NotificationPreference/PushToken/Template models, preferences, push tokens, admin templates
M3-06: CacheService with wrap() penetration protection, key naming conventions, admin cache management
E2E: 27 new tests for M3-04/05/06 (35/36 passing overall)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-24 16:01:34 +08:00
5fd737967f
feat: M1-01~03 — AI Gateway deepening, Vector module, Task Queue deepening
...
Deploy API Server / build-and-deploy (push) Failing after 23s
M1-01 AI Gateway:
- DB-driven ModelRoute/ProviderConfig/FallbackEvent tables
- ModelRouter rewrite with loadFromDb() hot-reload
- Fallback event recording + AIUsageRecorded event publishing
- Admin AAPI: routes CRUD, provider enable/disable, fallback events log
M1-02 Vector & Retrieval:
- VectorService with Qdrant client (upsert/delete/search/rerank)
- Admin AAPI: collection status, vector count, reindex trigger
M1-03 Task Queue:
- 16 task types with default retry/timeout configs
- Task stats dashboard, worker status panel, batch retry endpoint
M0 audit fixes:
- ApiMetric retention policy (30-day cleanup)
- Content Safety integration in Files module
- Queue registration centralized (domain-events)
- SECRET_MASTER_KEY production validation
E2E tests:
- M0: 28 smoke tests covering all 14 M0 issues
- M1: 16 tests covering M1-01/02/03
- Mock infrastructure: prisma, ioredis, jose, bullmq, qdrant
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-24 10:18:07 +08:00
466acc7e83
fix: return empty string when queue unavailable
Deploy API Server / build-and-deploy (push) Has been cancelled
2026-05-23 19:47:55 +08:00
ad0e4f397a
fix: break circular dependency between EventBusService and QueueService
Deploy API Server / build-and-deploy (push) Has been cancelled
2026-05-23 19:47:40 +08:00
2bd416c807
feat: M0-07 Observability — MetricsInterceptor + admin metrics AAPI
Deploy API Server / build-and-deploy (push) Successful in 36s
2026-05-22 23:19:31 +08:00
c7052ee48e
fix: ThrottlerStorage v6 interface again
Deploy API Server / build-and-deploy (push) Successful in 37s
2026-05-22 23:16:06 +08:00
9e8f3dccd7
feat: M0-06 Content Safety — sensitive word check + admin AAPI
Deploy API Server / build-and-deploy (push) Has been cancelled
2026-05-22 23:12:39 +08:00
4d977d2a85
fix: ThrottlerStorage v6 interface
Deploy API Server / build-and-deploy (push) Successful in 38s
2026-05-22 23:09:37 +08:00
28d68675b1
feat: M0-05 Traffic Protection — Redis throttle + timeout
Deploy API Server / build-and-deploy (push) Failing after 18s
2026-05-22 23:09:16 +08:00
42e9e80f4c
feat: M0-02 EventBus — sync+async publish + DomainEvents queue
Deploy API Server / build-and-deploy (push) Successful in 1m14s
2026-05-22 22:22:25 +08:00
3fd5f94db5
feat: complete M0-01 — TraceId + BaseService + DomainEvent + SensitiveLogger
Deploy API Server / build-and-deploy (push) Successful in 35s
2026-05-22 22:19:06 +08:00
5a7c21dd60
feat: implement complete admin authentication system
...
Deploy API Server / build-and-deploy (push) Successful in 9s
- Add AdminRole enum (SUPER_ADMIN/ADMIN/OPERATIONS/DEVELOPER/READONLY) with hierarchy
- Add PasswordService (bcryptjs, 12 rounds), AdminTokenService (type=admin JWT)
- Add AdminAuthService: login/lockout/refresh/logout with audit logging
- Add AdminAuthController: /admin-api/auth/{login,refresh,logout,me}
- Add AdminAuthGuard: validates type=admin, user status, session, lockout
- Add AdminRolesGuard + @AdminRoles() decorator for RBAC
- Add AdminAuditService for audit log persistence
- Add AdminLoginRateLimit (10 req/15min per IP)
- Add prisma/seed.ts for SUPER_ADMIN initialization via env vars
- Update JwtAuthGuard to skip /admin-api/* and /internal/* paths
- Update main.ts to exclude admin-api/internal from global 'api' prefix
- Update jwt.config.ts with admin JWT secrets and expiry config
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-21 15:05:31 +08:00
82fcaa1f2f
fix: replace RateLimitService with global RateLimitGuard
...
Deploy API Server / build-and-deploy (push) Successful in 59s
RateLimitService could not be injected into feature modules due to
NestJS DI module isolation. Replaced with a global Guard that uses
@RateLimit() decorator metadata to apply per-endpoint limits.
- RateLimitGuard: checks Redis counters, throws 429 on exceed
- Decorators: LoginRateLimit, FeedbackRateLimit, AiAnalysisRateLimit,
FileUploadRateLimit
- Applied to: auth (login), feedback, ai-analysis, files endpoints
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-18 10:23:19 +08:00
08f31dd5b6
feat: P0 后端补全 — BullMQ Workers 注册 + 用户 Profile API + 角色权限
...
- AppModule 注册 3 个 BullMQ Workers (AiAnalysis/DocumentImport/Notification)
- Users 模块新增 GET/PATCH /users/me/profile 端点:
- GET 读取 UserProfile (learningIdentity, learningDirection, bio, currentGoal)
- PATCH upsert UserProfile
- GET /users/me 返回 profile + preferences (include join)
- 新增 RolesGuard + @Roles() 装饰器 (UserRole enum)
- QueueModule/QueueService 改进
- 各模块 controller/repository/service 完善
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-17 19:08:07 +08:00
007b56dad5
feat: AI三层架构 + 全局JwtAuthGuard + 12个Repository迁Prisma
...
Deploy API Server / build-and-deploy (push) Successful in 1m0s
- AI: 新三层架构 Provider→Gateway→Workflow(15文件,DeepSeek+MiniMax)
- Auth: 全局JwtAuthGuard + @Public()装饰器白名单路由
- DB: 12个Repository从Map/Array迁到Prisma
- Schema: 新增AiUsageLog、WaitlistEntry模型
- API: /api-docs-json加Basic Auth保护
- 清理: 删除infrastructure/ai、docs/旧文档
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-17 00:39:46 +08:00
fa69749884
refactor(auth): restructure auth system, align with iOS login flow spec
...
- Split AuthService into AppleAuthService, TokenService, AuthService
- Add dev-login endpoint (dev-only, disabled in production)
- AppleLoginDto: authorizationCode optional, add userIdentifier/email/fullName/nonce
- Login/refresh responses now include user object
- logout: single-token revoke + JwtAuthGuard protection
- users.repository: switch from in-memory Map to Prisma persistence
- JWT payload includes role, guards attach full user info to request
- Dual JWT secret support (JWT_ACCESS_SECRET / JWT_REFRESH_SECRET)
- Replace jwks-rsa+jsonwebtoken with jose library
- Prisma User model: add role field
- Independent DTO files with @Transform for empty string safety
- Add 5 iOS login flow documentation files
2026-05-13 17:31:50 +08:00
ef7c1f1bc9
feat: 安全基线 + 4个安全漏洞修复 - JWT AuthGuard/OptionalAuthGuard, StrictValidationPipe, 全局异常过滤器, Redis限流429, Apple登录mock模式, BigInt精度修复, SECURITY.md
2026-05-09 18:57:33 +08:00
35de65e99b
feat: 重构 api-server 为模块化单体架构,接入 MySQL + Redis
...
- 按 BACKEND-PLAN.md 将项目重构为 4 层架构:
config/ -> common/ -> infrastructure/ -> modules/
- 15 个业务模块,遵循 Controller → Service → Repository 分层
- infrastructure: PrismaService / RedisService / QueueService / AiService / StorageService
- common: guards / interceptors / filters / pipes / decorators / dto / types / utils
- Prisma schema 含 27 张表,MySQL 8.0 服务器 db push 成功
- Redis 7 接入: 限流/任务状态/分布式锁/队列预留
- ai-analysis 模块: 每日 50 次限流 + 重复提交锁 + 异步任务状态追踪
- document-import 模块: 异步导入流程 + 进度追踪
- notifications 模块: BullMQ notification 队列预留
- /health 端点实时返回 database + redis 连接状态
- Swagger 注册 15 个 tag,67 个路由全部映射
2026-05-09 18:25:04 +08:00
