fix: address Phase 1-2 audit findings

- CORS: replace permissive() with configurable whitelist (default.toml)
- Auth store: synchronously restore state at creation to eliminate
  flash-of-login-page on refresh
- MainLayout: menu highlight now tracks current route via useLocation
- Add extractErrorMessage() utility to reduce repeated error parsing
- Fix all clippy warnings across 4 crates (erp-auth, erp-config,
  erp-workflow, erp-message): remove unnecessary casts, use div_ceil,
  collapse nested ifs, reduce function arguments with DTOs
iven
2026-04-11 12:36:34 +08:00
parent 5c899e6f4a
commit 3a05523d23
35 changed files with 283 additions and 187 deletions


@@ -8,7 +8,7 @@ use erp_core::types::{ApiResponse, TenantContext};
use crate::auth_state::AuthState;
use crate::dto::{LoginReq, LoginResp, RefreshReq};
use crate::service::auth_service::AuthService;
use crate::service::auth_service::{AuthService, JwtConfig};
/// POST /api/v1/auth/login
///
@@ -29,14 +29,18 @@ where
let tenant_id = state.default_tenant_id;
let jwt_config = JwtConfig {
secret: &state.jwt_secret,
access_ttl_secs: state.access_ttl_secs,
refresh_ttl_secs: state.refresh_ttl_secs,
};
let resp = AuthService::login(
tenant_id,
&req.username,
&req.password,
&state.db,
&state.jwt_secret,
state.access_ttl_secs,
state.refresh_ttl_secs,
&jwt_config,
&state.event_bus,
)
.await?;
@@ -56,12 +60,16 @@ where
AuthState: FromRef<S>,
S: Clone + Send + Sync + 'static,
{
let jwt_config = JwtConfig {
secret: &state.jwt_secret,
access_ttl_secs: state.access_ttl_secs,
refresh_ttl_secs: state.refresh_ttl_secs,
};
let resp = AuthService::refresh(
&req.refresh_token,
&state.db,
&state.jwt_secret,
state.access_ttl_secs,
state.refresh_ttl_secs,
&jwt_config,
)
.await?;