EternalAI Project Repository
chiguyong d6f222c2e0 fix(security): resolve 2 P0 issues - hardcoded JWT secret and stored XSS
P0-1: JWT secret hardcoded fallback (src/lib/auth.js)
- Remove insecure hardcoded default 'eternalai_jwt_secret_2026_change_in_prod'
- Fail-fast in production: throw error if JWT_SECRET env var is missing
- Dev/test: print security warning and use dev-only temporary secret

P0-2: Stored XSS via innerHTML (app.js)
- Add escapeHtml() utility function (escapes & < > " ')
- Escape all user-controlled data in innerHTML templates:
  - Role library list (id, displayName, desc, avatar, price)
  - Creator center role list (id, displayName, avatar, status)
  - Role detail price
  - Income records (role, time)
  - Error messages in catch blocks

All 35 E2E tests pass.
2026-06-21 14:05:37 +08:00
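
The two fixes named in the commit message above, sketched as an added example; this is not the repository's own code. `resolveJwtSecret`, `renderRoleCard`, the `NODE_ENV` check and the sample record are assumptions, and only the `JWT_SECRET` variable, the `escapeHtml` name and the five escaped characters come from the page.

```javascript
const { randomBytes } = require('node:crypto');

// Hypothetical helper: the page only says that src/lib/auth.js fails fast in
// production and falls back to a dev-only temporary secret elsewhere.
function resolveJwtSecret(env = process.env) {
  const secret = env.JWT_SECRET;
  if (typeof secret === 'string' && secret.trim() !== '') return secret;
  if (env.NODE_ENV === 'production') {
    // Fail fast: a server with no secret must not start and sign tokens.
    throw new Error('JWT_SECRET is not set; refusing to start in production');
  }
  console.warn('[security] JWT_SECRET is not set; using a temporary dev-only secret');
  // Random per process: never in source control, invalid after a restart.
  return randomBytes(32).toString('hex');
}

// The five characters the commit message lists: & < > " '
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  // String() so numeric fields such as price pass through the same path.
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed sample record: markup in both an attribute and a text field.
const SAMPLE_ROLE = {
  id: 'r1" onmouseover="x',
  displayName: '<img src=x onerror=alert(1)>',
  price: 9.9,
};

// Hypothetical template in the style of the role library list: every
// user-controlled field is escaped before it reaches innerHTML.
function renderRoleCard(role) {
  return `<li data-id="${escapeHtml(role.id)}">` +
    `<span class="name">${escapeHtml(role.displayName)}</span>` +
    `<span class="price">${escapeHtml(role.price)}</span></li>`;
}
```

Escaping the quote characters matters for the `data-id` attribute: without it, a stored id could close the attribute value and add its own attributes even though no `<` or `>` is present.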
.gitea/workflows ci: add CI/CD deployment scripts with PM2, Nginx, and auto-setup 2026-06-21 14:05:37 +08:00
deploy ci: add CI/CD deployment scripts with PM2, Nginx, and auto-setup 2026-06-21 14:05:37 +08:00
docs ci: add CI/CD deployment scripts with PM2, Nginx, and auto-setup 2026-06-21 14:05:37 +08:00
e2e test: add 35 E2E tests (auth/roles/creator/navigation) and fix temperature validation bug 2026-06-21 14:05:37 +08:00
img Initial commit: Eternal AI landing page and character creator 2026-06-20 16:30:12 +08:00
prisma feat: add PostgreSQL + JWT backend, fix 4 critical issues (auth/role persistence/edit/library) 2026-06-21 14:05:37 +08:00
src fix(security): resolve 2 P0 issues - hardcoded JWT secret and stored XSS 2026-06-21 14:05:37 +08:00
.env.example ci: add CI/CD deployment scripts with PM2, Nginx, and auto-setup 2026-06-21 14:05:37 +08:00
.gitignore ci: add CI/CD deployment scripts with PM2, Nginx, and auto-setup 2026-06-21 14:05:37 +08:00
Eternal_AI_PRD_v1.docx Add distinct auth and distill-ex views per PRD 2026-06-20 17:01:20 +08:00
README.md chore: clean up repo structure and fix config 2026-06-21 14:05:37 +08:00
app.js fix(security): resolve 2 P0 issues - hardcoded JWT secret and stored XSS 2026-06-21 14:05:37 +08:00
ecosystem.config.js ci: add CI/CD deployment scripts with PM2, Nginx, and auto-setup 2026-06-21 14:05:37 +08:00
index.html test: add 35 E2E tests (auth/roles/creator/navigation) and fix temperature validation bug 2026-06-21 14:05:37 +08:00
package-lock.json test: add 35 E2E tests (auth/roles/creator/navigation) and fix temperature validation bug 2026-06-21 14:05:37 +08:00
package.json ci: add CI/CD deployment scripts with PM2, Nginx, and auto-setup 2026-06-21 14:05:37 +08:00
playwright.config.js test: add 35 E2E tests (auth/roles/creator/navigation) and fix temperature validation bug 2026-06-21 14:05:37 +08:00
server.js feat: add PostgreSQL + JWT backend, fix 4 critical issues (auth/role persistence/edit/library) 2026-06-21 14:05:37 +08:00
styles.css fix(a11y): improve accessibility across all views 2026-06-20 18:40:51 +08:00

README.md

Eternal AI

AI companion platform: open to persona creators, who define and publish personas and generate the configuration files a Hermes agent can use (Soul.md + config.yaml)

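Project structure

EternalAI/
├── index.html          # Single-page app entry point (9 views)
├── app.js              # Application logic (routing, state management, form generation)
├── styles.css          # Styles (glassmorphism, deep-space background)
├── server.js           # Express static server (port 3001)
├── img/                # Background and card assets
├── docs/plans/         # Planning documents
├── Eternal_AI_PRD_v1.docx  # Product requirements document
└── package.json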

Quick start

# Option 1: Express server
npm install && npm start
# → http://localhost:3001

# Option 2: any static server
python3 -m http.server 8083
# → http://localhost:8083

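Page overview

| Page | View ID | Description |
| --- | --- | --- |
| Home | landing | Two entry cards + footer links |
| Login / Sign-up | auth | Routing based on login state |
| Role library | role-library | List of roles published by creators |
| Role detail | role-detail | Details of a single role + payment flow |
| Distill an ex | distill | Introduction page for the self-operated emotional service |
| About Eternal AI | about | Platform overview + FAQ |
| Creator onboarding | onboarding | Partnership information + WeChat contact details |
| Creator management center | creator-center | Three tabs: roles / income / settings |
| Role editor | creator | 4-step form → generates Soul.md + config.yaml |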

Tech stack

  • Pure front-end HTML5 SPA (IIFE pattern, no framework)
  • Login state persisted in localStorage
  • Express static file serving
  • Glassmorphism UI + deep-space background