fix: address Phase 1-2 audit findings

- CORS: replace permissive() with configurable whitelist (default.toml) - Auth store: synchronously restore state at creation to eliminate flash-of-login-page on refresh - MainLayout: menu highlight now tracks current route via useLocation - Add extractErrorMessage() utility to reduce repeated error parsing - Fix all clippy warnings across 4 crates (erp-auth, erp-config, erp-workflow, erp-message): remove unnecessary casts, use div_ceil, collapse nested ifs, reduce function arguments with DTOs
2026-04-11 12:36:34 +08:00
parent 5c899e6f4a
commit 3a05523d23
35 changed files with 283 additions and 187 deletions
--- a/crates/erp-message/src/service/message_service.rs
+++ b/crates/erp-message/src/service/message_service.rs
@@ -46,7 +46,7 @@ impl MessageService {
            .await
            .map_err(|e| MessageError::Validation(e.to_string()))?;

-        let page_index = query.page.unwrap_or(1).saturating_sub(1) as u64;
+        let page_index = query.page.unwrap_or(1).saturating_sub(1);
        let models = paginator
            .fetch_page(page_index)
            .await
@@ -132,6 +132,7 @@ impl MessageService {
    }

    /// 系统发送消息（由事件处理器调用）。
+    #[allow(clippy::too_many_arguments)]
    pub async fn send_system(
        tenant_id: Uuid,
        recipient_id: Uuid,