chiguyong
e7423f602f
fix(security): resolve 2 P0 issues - hardcoded JWT secret and stored XSS
Deploy EternalAI / deploy (push) Failing after 55m27s
P0-1: JWT secret hardcoded fallback (src/lib/auth.js)
- Remove insecure hardcoded default 'eternalai_jwt_secret_2026_change_in_prod'
- Fail-fast in production: throw error if JWT_SECRET env var is missing
- Dev/test: print security warning and use dev-only temporary secret
P0-2: Stored XSS via innerHTML (app.js)
- Add escapeHtml() utility function (escapes & < > " ')
- Escape all user-controlled data in innerHTML templates:
  - Role library list (id, displayName, desc, avatar, price)
  - Creator center role list (id, displayName, avatar, status)
  - Role detail price
  - Income records (role, time)
  - Error messages in catch blocks
All 35 E2E tests pass.
2026-06-21 00:08:30 +08:00
chiguyong
fc53fa2e58
ci: add CI/CD deployment scripts with PM2, Nginx, and auto-setup
Deploy EternalAI / deploy (push) Has been cancelled
- Add ecosystem.config.js for PM2 process management
- Add deploy/setup-server.sh for one-shot server initialization (auto-detects OS, installs Node.js 20/PostgreSQL 15/PM2/Nginx)
- Add deploy/deploy.sh for repeatable deployments (pull -> install -> migrate -> reload -> health check)
- Add deploy/nginx.conf reverse proxy template with security headers
- Rewrite .gitea/workflows/deploy.yml with full CI/CD pipeline (checkout -> build -> migrate -> deploy -> health check)
- Add .env.example template with DATABASE_URL/JWT_SECRET/PORT/ALLOWED_ORIGINS
- Add docs/deployment.md (full deployment guide) and docs/business-processes.md
- Update package.json scripts (db:generate, test:e2e, deploy)
- Add logs/ to .gitignore
2026-06-20 23:50:53 +08:00
chiguyong
dad034a833
test: add 35 E2E tests (auth/roles/creator/navigation) and fix temperature validation bug
2026-06-20 23:24:48 +08:00
chiguyong
bf114820f3
feat: add PostgreSQL + JWT backend, fix 4 critical issues (auth/role persistence/edit/library)
Deploy EternalAI / deploy (push) Has been cancelled
2026-06-20 20:39:09 +08:00
chiguyong
d716d30c6d
chore: clean up repo structure and fix config
Deploy EternalAI / deploy (push) Has been cancelled
- Remove node_modules/ from git tracking (was committed by mistake)
- Delete stub files: src/index.js, scripts/deploy.sh (empty)
- Fix CI/CD: trigger on master (not main), remove nonexistent build step
- Rewrite README to match actual HTML5 SPA project
- Fix package.json: remove embedded credentials from repo URL
- Update .gitignore: add .DS_Store, *.log, .env
2026-06-20 20:05:19 +08:00
chiguyong
5a7155ecbc
fix(a11y): improve accessibility across all views
- FAQ: add aria-expanded/aria-controls/role=region via initFaqA11y()
- TabBar/Auth/Center/Preview tabs: add role=tablist/tab/aria-selected
- View switching: focus management + aria-live announcement region
- Role cards: role=button, tabindex=0, Enter/Space keyboard support
- Login form: autocomplete=username/current-password (was off)
- Register form: autocomplete=username/new-password
- Add skip-link for keyboard users
- Add :focus-visible outlines on all interactive elements
- Improve placeholder contrast (0.45 → 0.7 opacity)
- Add prefers-reduced-motion media query
- Add aria-live=polite on dynamic role-list/income-list containers
- Add aria-label on all view sections
2026-06-20 18:40:51 +08:00
chiguyong
7725cf1f65
feat: implement full navigation and PRD P2-P7 pages
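- U1: "My XXX" routes by login state (not logged in → auth, logged in → role-library/creator-center)
- U2: Add role library page (P2), with role card list and empty state
- U3: Add role detail page (P3), with payment state switching
- U4: Add About Eternal AI page (P5), with collapsible FAQ
- U5: Refactor creator onboarding page (P6) into a WeChat contact guide
- U6: Reposition the persona distillation form as Creator Center - Role Edit
- U7: Add creator management center (P7), with three tabs: Roles / Income / Mine
- U8: Add bottom tabBar navigation (Home / Distill Ex / Mine)
- U9: Unify showView routing, history back navigation, and localStorage state persistence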
2026-06-20 18:19:34 +08:00
Eternal AI Builder
d9d6404218
Add full feature and navigation rationality plan
2026-06-20 18:19:34 +08:00
chigulong
2a13044f12
Configure EternalAI project with Express server and deployment scripts
2026-06-20 18:13:44 +08:00
chigulong
4d1679045c
Merge branch 'master' of http://gitea.fischerai.cn/chigulong/EternalAI
2026-06-20 17:10:31 +08:00
chigulong
c91f49e1f7
Initial commit: EternalAI project setup
2026-06-20 17:10:06 +08:00
Eternal AI Builder
6ce6b8a464
Add distinct auth and distill-ex views per PRD
2026-06-20 17:01:20 +08:00
Eternal AI Builder
75d2271cbe
Adjust card/form margins and add CSS cache busting
2026-06-20 16:43:04 +08:00
Eternal AI Builder
7db0dab973
Initial commit: Eternal AI landing page and character creator
2026-06-20 16:30:12 +08:00