iven/erp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
112 Commits 1 Branch 0 Tags
9d18b7e079ffe44df96994f343ba657d1683a1cc
Commit Graph

4 Commits

Author SHA1 Message Date
iven
080d2cb3d6 fix(security): Q2 Chunk 2 — 多租户安全加固 + 限流 fail-closed 
- auth_service::refresh() 添加 tenant_id 校验
- user_service get_by_id/update/delete/assign_roles 改为数据库级 tenant_id 过滤
- 限流中间件改为 fail-closed:Redis 不可达时返回 429 而非放行
 2026-04-17 17:45:59 +08:00
iven
b08e8b5ab5 perf: 前端 API 并行化 + 后端 Redis 连接缓存 — 响应时间从 2.26s 降至 2ms 
后端:
- rate_limit 中间件新增 RedisAvailability 缓存
- Redis 不可用时跳过限流,30 秒冷却后再重试
- 避免 get_multiplexed_async_connection 每次请求阻塞 2 秒

前端:
- plugin store schema 加载改为 Promise.allSettled 并行(原为 for...of 顺序)
- 先基于 entities 渲染回退菜单,schema 加载完成后更新
- 移除 Home useEffect 中 unreadCount 依赖,消除双重 fetch
- MainLayout 使用选择性 store selector 减少重渲染
 2026-04-17 01:12:17 +08:00
iven
9568dd7875 chore: apply cargo fmt across workspace and update docs 
- Run cargo fmt on all Rust crates for consistent formatting
- Update CLAUDE.md with WASM plugin commands and dev.ps1 instructions
- Update wiki: add WASM plugin architecture, rewrite dev environment docs
- Minor frontend cleanup (unused imports)
 2026-04-15 00:49:20 +08:00
iven
529d90ff46 feat(server): add Redis-based rate limiting middleware 
Store Redis client in AppState instead of discarding it. Create
rate_limit middleware using Redis INCR + EXPIRE for fixed-window
counting. Apply user-based rate limiting (100 req/min) to all
protected routes. Graceful degradation when Redis is unavailable.
 2026-04-11 23:58:54 +08:00