fix: address Phase 1-2 audit findings

- CORS: replace permissive() with configurable whitelist (default.toml) - Auth store: synchronously restore state at creation to eliminate flash-of-login-page on refresh - MainLayout: menu highlight now tracks current route via useLocation - Add extractErrorMessage() utility to reduce repeated error parsing - Fix all clippy warnings across 4 crates (erp-auth, erp-config, erp-workflow, erp-message): remove unnecessary casts, use div_ceil, collapse nested ifs, reduce function arguments with DTOs
2026-04-11 12:36:34 +08:00
parent 5c899e6f4a
commit 3a05523d23
35 changed files with 283 additions and 187 deletions
--- a/crates/erp-workflow/src/engine/expression.rs
+++ b/crates/erp-workflow/src/engine/expression.rs
@@ -164,10 +164,10 @@ impl ExpressionEvaluator {
        if let Ok(n) = token.parse::<i64>() {
            return Ok(serde_json::Value::Number(n.into()));
        }
-        if let Ok(f) = token.parse::<f64>() {
-            if let Some(n) = serde_json::Number::from_f64(f) {
-                return Ok(serde_json::Value::Number(n));
-            }
+        if let Ok(f) = token.parse::<f64>()
+            && let Some(n) = serde_json::Number::from_f64(f)
+        {
+            return Ok(serde_json::Value::Number(n));
        }

        // 布尔字面量