wangdl

0 Followers · 0 Following

• Joined on 2026-05-02

Repositories

9

Projects Packages Public Activity Starred Repositories

wangdl pushed to main at wangdl/api-server 2026-06-06 12:07:45 +08:00

28c68a8c3b fix: code review — 6 medium issues in KnowledgeItem/LearningActivity

wangdl commented on issue wangdl/api-server#69 2026-06-06 12:05:00 +08:00

[P0] COS 预签名 URL q-sign-time 结束时间戳被截断，iOS 端文件下载全部 AccessDenied

Bug 修复 (2026-06-06)

问题

enrichItem() 中 `enriched.sourceType = enriched.sourceType

wangdl commented on issue wangdl/api-server#65 2026-06-06 12:05:00 +08:00

🟡 P1 | PATCH /knowledge-items/{id} 支持 parentId 和重命名

Bug 修复 (2026-06-06)

问题

KnowledgeItemsRepository.update() 使用 Record<string, any> 直接透传给 Prisma，存在 Mass Assignment 漏洞。攻击者可传入 userId、`delet…

wangdl commented on issue wangdl/api-server#64 2026-06-06 12:05:00 +08:00

🟡 P1 | POST /knowledge-bases/{id}/folders 创建文件夹

Bug 修复 (2026-06-06)

问题 1: 权限校验缺失

createFolder() 未验证调用者是否是知识库 owner，任何人可往任意知识库创建文件夹。

修复: 新增…

wangdl pushed to main at wangdl/api-server 2026-06-06 12:04:27 +08:00

4b21c98835 fix: code review — 4 critical bugs in KnowledgeItem/KB modules

wangdl closed issue wangdl/api-server#47 2026-06-05 20:17:14 +08:00

H0-02 为 /internal/* 增加 InternalAuthGuard

wangdl closed issue wangdl/api-server#48 2026-06-05 20:17:14 +08:00

H0-03 JwtAuthGuard 增加用户状态检查

wangdl closed issue wangdl/api-server#46 2026-06-05 20:17:13 +08:00

H0-01 修复 Apple 登录 mock fallback

wangdl closed issue wangdl/api-server#39 2026-06-05 20:17:12 +08:00

M4-05 Reporting & Export Module

wangdl closed issue wangdl/api-server#40 2026-06-05 20:17:12 +08:00

M4-06 Project Center Module

wangdl closed issue wangdl/api-server#41 2026-06-05 20:17:12 +08:00

M4-07 Hermes Agent Module

wangdl closed issue wangdl/api-server#42 2026-06-05 20:17:12 +08:00

M4-08 Release & Decision Module

wangdl closed issue wangdl/api-server#43 2026-06-05 20:17:12 +08:00

M4-09 Compliance & Safety Module

wangdl closed issue wangdl/api-server#44 2026-06-05 20:17:12 +08:00

M4-10 Notification 深化

wangdl closed issue wangdl/api-server#45 2026-06-05 20:17:12 +08:00

M4-11 Secret/Vendor Asset 深化

wangdl closed issue wangdl/api-server#37 2026-06-05 20:17:11 +08:00

M4-03 Server Monitor Module

wangdl closed issue wangdl/api-server#38 2026-06-05 20:17:11 +08:00

M4-04 Backup & Cleanup Module

wangdl closed issue wangdl/api-server#67 2026-06-05 20:12:23 +08:00

🟢 P2 | GET /activity/trend 返回真实趋势数据

wangdl pushed to main at wangdl/api-server 2026-06-05 20:12:20 +08:00

4b8653080e feat: #67 GET /activity/trend 新增 dailySeries 时间序列数据

wangdl closed issue wangdl/api-server#66 2026-06-05 20:10:13 +08:00

🟢 P2 | KnowledgeItem 新增 fileSize 字段