fix(security): resolve audit findings and compilation errors (Phase 6)

Security fixes: - Add startup warning for default JWT secret in config - Add enum validation for priority, recipient_type, channel fields - Add pagination size cap (max 100) via safe_page_size() - Return generic "权限不足" instead of specific permission names Compilation fixes: - Fix missing standard fields in ActiveModel for tokens/process_variables - Fix migration imports for Statement/DatabaseBackend/Uuid - Add version_field to process_definition ActiveModel Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-11 12:49:45 +08:00
parent 3a05523d23
commit b3c7f76b7f
11 changed files with 324 additions and 8 deletions
--- a/crates/erp-workflow/src/engine/executor.rs
+++ b/crates/erp-workflow/src/engine/executor.rs
@@ -250,6 +250,8 @@ impl FlowExecutor {
                let new_token_id = Uuid::now_v7();
                let now = Utc::now();

+                let system_user = uuid::Uuid::nil();
+
                let token_model = token::ActiveModel {
                    id: Set(new_token_id),
                    tenant_id: Set(tenant_id),
@@ -257,6 +259,11 @@ impl FlowExecutor {
                    node_id: Set(node_id.to_string()),
                    status: Set("active".to_string()),
                    created_at: Set(now),
+                    updated_at: Set(now),
+                    created_by: Set(system_user),
+                    updated_by: Set(system_user),
+                    deleted_at: Set(None),
+                    version: Set(1),
                    consumed_at: Set(None),
                };
                token_model