iven
7de486bfca
test(saas): Phase 1 integration tests — billing + scheduled_task + knowledge (68 tests)
...
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
- Fix TIMESTAMPTZ decode errors: add ::TEXT cast to all SELECT queries
where Row structs use String for TIMESTAMPTZ columns (~22 locations)
- Fix Axum 0.7 route params: {id} → :id in billing/knowledge/scheduled_task routes
- Fix JSONB bind: scheduled_task INSERT uses ::jsonb cast for input_payload
- Add billing_test.rs (14 tests): plans, subscription, usage, payments, invoices
- Add scheduled_task_test.rs (12 tests): CRUD, validation, isolation
- Add knowledge_test.rs (20 tests): categories, items, versions, search, analytics, permissions
- Fix auth test regression: 6 tests were failing due to TIMESTAMPTZ type mismatch
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-04-07 14:25:34 +08:00
iven
cc26797faf
fix(saas): eliminate 6 compiler warnings + stabilize directive complete
...
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
- Remove unused imports: Utc (billing/service), StatusCode (billing/handlers), Sha256 (billing/handlers)
- Fix unused variables: _db (scheduler), _e (payment WeChat error)
- Fix visibility: RegisterDeviceRequest pub(super) → pub (used in pub handler)
- Update STABILIZATION_DIRECTIVE.md: all 7 criteria met, downgrade to advisory
- Fix TRUTH.md §2.2: mark P0/P1 defects as resolved, update Admin pages count to 14
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-04-03 21:57:04 +08:00
iven
da438ad868
fix(billing): resolve all audit findings — CSRF, float precision, TOCTOU, error sanitization
...
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
- Add CSRF token protection for mock payment (SHA256 + constant-time verify)
- Replace f64 currency conversion with pure integer string parsing (parse_yuan_to_cents)
- Move subscription check inside transaction to prevent TOCTOU race
- Rewrite increment_usage to use atomic SQL (account_id+period_start WHERE)
- Add trade_no format validation in payment callback
- Sanitize error messages to prevent sensitive data leakage
- Use i32::try_from for WeChat amount conversion (prevent truncation)
- Replace window.__ZCLAW_STATS_SYNC_INTERVAL__ with useRef pattern
- Replace eprintln/println with tracing macros in lifecycle
- Remove unused variable in scheduler
- Remove duplicate sha2 and unused hmac from Cargo.toml
2026-04-02 20:04:43 +08:00
iven
28299807b6
fix(desktop): DeerFlow UI — ChatArea refactor + ai-elements + dead CSS cleanup
...
ChatArea retry button uses setInput instead of direct sendToGateway,
fix bootstrap spinner stuck for non-logged-in users,
remove dead CSS (aurora-title/sidebar-open/quick-action-chips),
add ai components (ReasoningBlock/StreamingText/ChatMode/ModelSelector/TaskProgress),
add ClassroomPlayer + ResizableChatLayout + artifact panel
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-04-02 19:24:44 +08:00
iven
b1e3a27043
feat(saas): add payment integration with Alipay/WeChat mock support
...
- payment.rs: create_payment, handle_payment_callback, query_payment_status
- Mock pay page for development mode with HTML confirm/cancel flow
- Payment callback handler with subscription auto-creation on success
- Alipay form-urlencoded and WeChat JSON callback parsing
- 7 new routes including callback and mock-pay endpoints
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-04-02 00:41:35 +08:00
