Commit Graph

8 Commits

Author SHA1 Message Date
wh
c7201b03e1 Switch shiro to the jdk17 servlet api to adapt to springboot3 2026-04-13 20:44:42 +08:00
wh
e8235eeec5 Fix shiro compatibility issues 2026-04-13 19:58:49 +08:00
wh
7172861e67 Modify user module 2026-04-13 17:13:29 +08:00
wh
a489e2b204 Fix mybatis version startup error and swagger annotation issues 2026-04-12 00:15:59 +08:00
wh
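c2a254cba4 fix+refactor: code review fixes (11 security/concurrency defects) + log.debug → log.info (21 occurrences)
Code review fixes:
- MybatisPlusConfig: add video_process_job to IGNORED_TABLES (fixes multi-tenant filtering on the callback path causing all callbacks to be silently dropped)
- TokenFilter: catch(Exception) replaces catch(NumberFormatException), preventing a null pointer from leaking as a 500
- VideoController: null-pointer guard in createJob + shared-secret check in handleCallback (X-Callback-Secret)
- VideoProcessService: handleCallback explicitly checks that companyId is non-null; triggerAi failures are now logged at error level
- ExtractionService/QaService: validateAndGetTask explicitly checks companyId (defense in depth)
- TaskClaimService: reclaim adds an atomic WHERE status='REJECTED'; claim releases the Redis lock on exception
- TaskService: reassign verifies that targetUserId belongs to the same tenant
- AuthService: set a sliding TTL on the user:sessions:{userId} Set to prevent unbounded Token accumulation
- ExportService/SourceService: add rollback cleanup on failure for non-atomic RustFS + DB operations
- SourceService: getOriginalFilename uses Paths.get().getFileName() to prevent path traversal

Logging conventions:
- Replace 21 occurrences of log.debug with log.info across 11 Service classes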
2026-04-09 19:42:20 +08:00
wh
a14c3f5559 feat(phase9-10): US8 video processing and system configuration modules + code review fixes
Phase 9 (US8):
- VideoProcessJob entity + VideoProcessJobMapper
- SysConfig entity + SysConfigMapper (manual multi-tenant queries)
- VideoProcessService: createJob/handleCallback (idempotent)/reset
  - T074 fix: AI trigger deferred until after transaction commit via TransactionSynchronization.afterCommit()
- VideoController: 4 endpoints; /api/video/callback requires no authentication
- SysConfigService: company-specific value takes priority > fallback to global default; UPSERT allows only known keys
- SysConfigController: GET /api/config + PUT /api/config/{key}
- TokenFilter: /api/video/callback bypasses Token authentication
- Integration tests: VideoCallbackIdempotencyTest, SysConfigIntegrationTest

Phase 10 (code review and fixes):
- T070 MultiTenantIsolationTest: verifies cross-company materials/configuration isolation
- T071 SourceController.upload(): ResponseEntity<Result<T>> → Result<T> + @ResponseStatus
- T074 FinetuneService.trigger(): remove @Transactional; the AI call runs outside the transaction
2026-04-09 16:18:39 +08:00
wh
a28fecd16a Phase 2/3 complete: fix Shiro javax/jakarta compatibility, implement US1 authentication module
Fixes:
- TokenFilter now extends OncePerRequestFilter (jakarta.servlet),
  removing the PathMatchingFilter (javax.servlet) dependency and resolving the Lombok cascading failure
- ShiroConfig uses FilterRegistrationBean in place of ShiroFilterFactoryBean,
  avoiding the javax/jakarta Filter type incompatibility; securityManager calls
  SecurityUtils.setSecurityManager() to ensure @RequiresRoles AOP is available
- LabelBackendApplication excludes the ShiroWeb auto-configurations (WebAutoConfiguration,
  WebFilterConfiguration, WebMvcAutoConfiguration)
- SysUserMapper @InterceptorIgnore corrected to the mybatis-plus package path

Added (end of Phase 2):
- SysCompany / SysCompanyMapper
- SysUser / SysUserMapper
- ShiroFilterIntegrationTest (no Token→401, expired→401, insufficient role→403, satisfied→200)

Added (Phase 3 / US1):
- LoginRequest / LoginResponse / UserInfoResponse DTO
- AuthService (login + logout + me; BCrypt verification; Token stored in a Redis Hash)
- AuthController (POST /api/auth/login, POST /logout, GET /me)
- AuthIntegrationTest (correct password→token, wrong password→401, after logout→401)
2026-04-09 15:16:49 +08:00
wh
0cd99aa22c On branch 001-label-backend-spec
Changes to be committed:
	new file:   src/main/java/com/label/common/shiro/BearerToken.java
	new file:   src/main/java/com/label/common/shiro/ShiroConfig.java
	new file:   src/main/java/com/label/common/shiro/TokenFilter.java
	new file:   src/main/java/com/label/common/shiro/TokenPrincipal.java
	new file:   src/main/java/com/label/common/shiro/UserRealm.java
	modified:   src/main/java/com/label/common/statemachine/DatasetStatus.java
	new file:   src/test/java/com/label/AbstractIntegrationTest.java
	new file:   src/test/java/com/label/unit/StateMachineTest.java
	new file:   src/test/resources/db/init.sql
2026-04-09 13:54:35 +08:00