fix: address Phase 1-2 audit findings

- CORS: replace permissive() with configurable whitelist (default.toml) - Auth store: synchronously restore state at creation to eliminate flash-of-login-page on refresh - MainLayout: menu highlight now tracks current route via useLocation - Add extractErrorMessage() utility to reduce repeated error parsing - Fix all clippy warnings across 4 crates (erp-auth, erp-config, erp-workflow, erp-message): remove unnecessary casts, use div_ceil, collapse nested ifs, reduce function arguments with DTOs
2026-04-11 12:36:34 +08:00
parent 5c899e6f4a
commit 3a05523d23
35 changed files with 283 additions and 187 deletions
--- a/crates/erp-auth/src/handler/org_handler.rs
+++ b/crates/erp-auth/src/handler/org_handler.rs
@@ -184,10 +184,7 @@ where
        id,
        ctx.tenant_id,
        ctx.user_id,
-        &req.name,
-        &req.code,
-        &req.manager_id,
-        &req.sort_order,
+        &req,
        &state.db,
    )
    .await?;
@@ -291,10 +288,7 @@ where
        id,
        ctx.tenant_id,
        ctx.user_id,
-        &req.name,
-        &req.code,
-        &req.level,
-        &req.sort_order,
+        &req,
        &state.db,
    )
    .await?;