ZhenYi
b35d2d4fe7
refactor(access_key): migrate auth to Argon2 password verification
...
- Replace custom hash check with Argon2 password verification
- Scan all un-revoked tokens for matching access key
- Add expiry validation per token with proper skip logic
2026-05-15 11:48:46 +08:00
ZhenYi
06c08148cb
refactor(service,session): apply rustfmt formatting
2026-05-14 10:02:29 +08:00
ZhenYi
14f6e1e500
feat(core): initialize project with access control and AI integration
...
- Add gitignore and prettier configuration files for project scaffolding
- Implement room access control service with project member verification
- Create user access key management with CRUD operations and activity logging
- Add accordion UI component for frontend expandable sections
- Implement room AI configuration with list, upsert, and delete operations
- Add AI event types for agent join/leave/status change tracking
- Create streaming AI processing services for mode and react patterns
- Build room AI service with model detection and idempotency handling
- Integrate chat service orchestration for AI message processing
- Add typing indicators and stream cancellation for AI interactions
- Implement mention parsing and context extraction for AI agents
2026-05-03 06:04:31 +08:00
ZhenYi
ef529d772b
fix(service): resolve backend compilation errors
...
- access_key.rs: use rand::rng() and random_range() for rand 0.10 API
- access_key.rs: fix update() returns DbErr, add .map_err(AppError::from)
- sync.rs: upsert_provider expects &str not String
- sync.rs: add QueryOrder import for order_by_asc
- issue.rs: change %e to ?e for Debug trait instead of Display
- workspace/info.rs: add missing closing brace in struct literal
2026-04-27 16:39:52 +08:00
ZhenYi
09645d8641
fix: resolve multiple bugs across backend and frontend
...
Security fixes:
- Remove WS token from plaintext log output (ws_universal.rs)
- Replace weak LCG PRNG with rand::thread_rng() for access key generation
- Add project membership check to issue triage endpoint (prevent unauthorized AI usage)
- Validate deepLinkUrl to prevent javascript: navigation (XSS defense-in-depth)
Data integrity fixes:
- Fix UUID truncation in AI model sync (as_u128() as i64 -> timestamp_millis)
- Wrap PR cascade delete in database transaction
- Add missing cascade deletes for room_message_reaction, room_message_edit_history, room_notifications
- Fix N+1 query for last_commit_times (single grouped query instead of per-repo)
Panic prevention:
- Replace unwrap() with safe fallbacks in health/metrics endpoints (email, git-hook apps)
- Replace unwrap() in access key scopes serialization
- Replace expect() in tool executor result map with synthetic error
- Replace expect() in log level parsing with default fallback
Logic bugs:
- Fix users_online metric double-decrement (decrement only when count reaches 0)
- Fix Map iteration + deletion bug in universal-ws.ts onclose handler
- Fix stale audioStream reference in catch block (use local stream variable)
- Add missing reInit event cleanup in carousel.tsx
- Fix email retry backoff integer overflow ((1 << i) as u64 -> 1u64 << i)
React fixes:
- Use message.id instead of index as key in message-list
- Add audio stream cleanup on unmount in use-audio-recording
2026-04-27 13:54:21 +08:00
ZhenYi
f36f08e3c4
fix: remaining unwrap panics and new bugs discovered during audit
...
- email worker: replace Mailbox::parse().unwrap() with match to
handle invalid recipient addresses gracefully
- metrics middleware: RwLock poison recovery on read/write locks
to prevent panic on thread panic
- access key: SystemTime::now() unwrap_or_default instead of unwrap
for clock-before-epoch edge case
- chpc: NaiveDateTime and_hms_opt unwrap_or MIN/MAX fallbacks
- push notification: second code path fixed for let-chain unwrap
- ai_streaming: constant UUID parse use expect() instead of unwrap
2026-04-27 11:30:01 +08:00
ZhenYi
93cfff9738
init
2026-04-15 09:08:09 +08:00
