fix(saas): 安全修复 — IDOR防护、SSRF防护、JWT密钥强制、错误信息脱敏、CORS配置化

- account: admin 权限守卫 (list_accounts/get_account/update_status/list_logs)
- relay: SSRF 防护 (禁止内网地址、限制 http scheme、30s 超时)
- config: 生产环境强制 ZCLAW_SAAS_JWT_SECRET 环境变量
- error: 500 错误不再泄露内部细节给客户端
- main: CORS 支持配置白名单 origins
- 全部 21 个测试通过 (7 unit + 14 integration)

crates/zclaw-saas/src/relay/service.rs

@@ -120,10 +120,16 @@ pub async fn execute_relay(
 ) -> SaasResult<RelayResponse> {
     update_task_status(db, task_id, "processing", None, None, None).await?;
 
+    // SSRF 防护: 验证 URL scheme 和禁止内网地址
+    validate_provider_url(provider_base_url)?;
+
     let url = format!("{}/chat/completions", provider_base_url.trim_end_matches('/'));
     let _start = std::time::Instant::now();
 
-    let client = reqwest::Client::new();
+    let client = reqwest::Client::builder()
+        .timeout(std::time::Duration::from_secs(30))
+        .build()
+        .map_err(|e| SaasError::Internal(format!("HTTP 客户端构建失败: {}", e)))?;
     let mut req_builder = client.post(&url)
         .header("Content-Type", "application/json")
         .body(request_body.to_string());
@@ -195,3 +201,39 @@ fn extract_token_usage(body: &str) -> (i64, i64) {
 
     (input, output)
 }
+
+/// SSRF 防护: 验证 provider URL 不指向内网
+fn validate_provider_url(url: &str) -> SaasResult<()> {
+    let parsed: url::Url = url.parse().map_err(|_| {
+        SaasError::InvalidInput(format!("无效的 provider URL: {}", url))
+    })?;
+
+    // 只允许 https
+    match parsed.scheme() {
+        "https" => {}
+        "http" => {
+            // 开发环境允许 http
+            let is_dev = std::env::var("ZCLAW_SAAS_DEV")
+                .map(|v| v == "true" || v == "1")
+                .unwrap_or(false);
+            if !is_dev {
+                return Err(SaasError::InvalidInput("生产环境禁止 http scheme，请使用 https".into()));
+            }
+        }
+        _ => return Err(SaasError::InvalidInput(format!("不允许的 URL scheme: {}", parsed.scheme()))),
+    }
+
+    // 禁止内网地址
+    let host = match parsed.host_str() {
+        Some(h) => h,
+        None => return Err(SaasError::InvalidInput("provider URL 缺少 host".into())),
+    };
+    let blocked = ["127.0.0.1", "0.0.0.0", "localhost", "::1", "169.254.169.254", "metadata.google.internal"];
+    for blocked_host in &blocked {
+        if host == *blocked_host || host.ends_with(&format!(".{}", blocked_host)) {
+            return Err(SaasError::InvalidInput(format!("provider URL 指向禁止的内网地址: {}", host)));
+        }
+    }
+
+    Ok(())
+}