Commit Graph

4 Commits

Author SHA1 Message Date
chiguyong a921f64ee0 fix(security): apply ce-code-review fixes (1 P0, 6 P1, 6 P2)
P0:
- sync-token.js: remove dead consumeSyncToken code, use crypto.randomBytes for jti

P1:
- admin-sync.js: add SSRF protection (protocol/host allowlist, block private IPs in prod)
- admin-sync.js: add POST /:roleId/reset for syncing state recovery
- admin-sync.js: use BASE_URL env var instead of forgeable Host header
- admin-sync.js: guard catch block to only rollback syncing->failed (not approved)
- admin-config.js: write-protect SYNC_SECRET from manual override
- admin-config.js: add updatedAt to PUT response
- roles.js: reset reviewStatus to pending_review when editing synced role
- roles.js: filter GET /:id by reviewStatus=synced
- scripts/migrate-existing-roles-to-synced.js: data migration for existing roles

P2:
- server.js: mock-hermes use explicit allowlist [development, test]
- auth.js: ADMIN_JWT_SECRET fail-fast in production
- hermes.js: unify error messages to Chinese
- admin-sync.js: do not leak err.message in response
- admin.js: validate pagination params (page/pageSize bounds)

All 54 E2E tests pass (19 admin-sync-flow + 35 existing).
2026-06-21 16:14:53 +08:00
chiguyong 848939dc21 feat: add admin review + Hermes sync workflow with sync_token auth 2026-06-21 15:25:01 +08:00
chiguyong 9f4ee690db chore: clean up repo structure and fix config
- Remove node_modules/ from git tracking (was committed by mistake)
- Delete stub files: src/index.js, scripts/deploy.sh (empty)
- Fix CI/CD: trigger on master (not main), remove nonexistent build step
- Rewrite README to match actual HTML5 SPA project
- Fix package.json: remove embedded credentials from repo URL
- Update .gitignore: add .DS_Store, *.log, .env
2026-06-21 14:05:37 +08:00
chigulong c91f49e1f7 Initial commit: EternalAI project setup 2026-06-20 17:10:06 +08:00