zclaw_openfang/docs/features/audit-v12/M7-saas-desktop.md
iven 442ec0eeef
docs(audit): V12 modular end-to-end audit report — 11 modules + overall report
Hybrid matrix audit: 10 functional modules × five-dimension checklist
- Overall project health: 76/100
- 2 P0 (M4 dual database + reflection engine LLM not wired in)
- 15 P1 (across M2/M3/M4/M5/M6/M7/M11)
- Three classes of broken links: written but not wired / wired but wrong / dual implementations not unified
- Three-phase fix roadmap: P0 (2-3 days) → P1 (5-7 days) → P2 (5-7 days)
2026-04-04 17:55:03 +08:00

# Module M7: SaaS Platform Desktop Client Audit Report
> **Audit version**: V12 | **Date**: 2026-04-04
## 1. Flow completeness
| Flow | Status | Notes |
|------|--------|-------|
| Login (with/without TOTP) | ✅ | POST /auth/login |
| JWT issue/refresh | ✅ | HttpOnly cookie + refresh endpoint |
| Session restore | ✅ | restoreSession + /auth/me |
| Model list | ✅ | GET /relay/models |
| Chat relay (streaming/non-streaming) | ✅ | POST /relay/chat/completions + SSE |
| Relay task list/retry | ✅ | GET/POST /relay/tasks |
| TOTP setup/verify/disable | ✅ | all three endpoints present |
| Billing (plans/subscription/payment) | ✅ | all endpoints aligned with the backend |
| Config sync (pull/push) | ✅ | config/pull + config/diff + config/sync |
| Device registration/heartbeat | ✅ | heartbeat every 5 minutes |
| Config migration | ⚠️ | PUT path parameter has the wrong semantics |
**Flow completeness score: 90/100**
## 2. Issue list
| ID | File:line | Severity | Description | Suggested fix |
|----|-----------|----------|-------------|---------------|
| M7-01 | `SaaSLogin.tsx:59` | P2 | Frontend enforces a minimum password length of 6 characters while the backend requires 8 | Align both on 8 |
| M7-02 | `ConfigMigrationWizard.tsx:118` | **P1** | PUT uses the boolean `exists` as the path parameter; it should be the config item ID | Pass the actual config item ID |
| M7-03 | `TOTPSettings.tsx:109` | P2 | QR code is generated by an external service: the TOTP secret is sent in plaintext to api.qrserver.com, disclosing the shared secret to a third party | Switch to a local QR library |
| M7-04 | `saas-client.ts:66` | **P1** | refreshToken() sends no refresh_token in the request body; under Tauri (non-browser) the cookie may not be present, so the refresh can fail silently | Verify that the cookie is attached automatically, or pass the token explicitly in the body |
| M7-05 | `saasStore.ts:212` | P3 | saveSaaSSession is fire-and-forget; failures are never surfaced | Add error handling and a fallback |
| M7-06 | `saas-relay-client.ts:113` | P3 | chatStream does not forward sessionKey/agentId and similar parameters | Confirm whether they need to be passed through |
**Overall health: 85/100**: core flows are complete; the config-migration path parameter (M7-02) and token refresh (M7-04) are the main risks.
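The three findings with a concrete code shape (M7-02, M7-03, M7-04) can be closed with small helpers. The block below is an added illustration written for this report, not code from the project's `saas-client.ts`, `ConfigMigrationWizard.tsx` or `TOTPSettings.tsx`; the endpoint paths `/auth/refresh` and `/config/items/{id}`, the function names, and the Tauri global names (`__TAURI__`, `__TAURI_INTERNALS__`) are assumptions chosen for the example. It shows a refresh request that always includes credentials and falls back to an explicit `refresh_token` body when a stored token is available, a path builder that refuses anything but a non-empty string ID, and an `otpauth://` URI built locally so the TOTP secret never has to be handed to a third-party QR service.

```typescript
// Added example for the M7 audit findings. Hypothetical helpers; the endpoint
// paths and Tauri detection globals below are assumptions, not the project's API.

interface RefreshRequest {
  url: string;
  init: {
    method: "POST";
    credentials: "include";
    headers: Record<string, string>;
    body?: string;
  };
}

/**
 * M7-04: build the token-refresh request. `credentials: "include"` lets a browser
 * attach the HttpOnly refresh cookie; when the host (e.g. a Tauri WebView) may
 * have no cookie jar, the caller passes the refresh token it stored at login and
 * it is sent explicitly in the JSON body. Assumed endpoint: POST /auth/refresh.
 */
function buildRefreshRequest(baseUrl: string, storedRefreshToken?: string): RefreshRequest {
  const headers: Record<string, string> = { "Content-Type": "application/json" };
  const init: RefreshRequest["init"] = { method: "POST", credentials: "include", headers };
  if (storedRefreshToken) {
    init.body = JSON.stringify({ refresh_token: storedRefreshToken });
  }
  return { url: `${baseUrl.replace(/\/+$/, "")}/auth/refresh`, init };
}

/**
 * Heuristic for "cookies are not guaranteed": Tauri injects a global into the
 * WebView (assumed names: `__TAURI__` for v1, `__TAURI_INTERNALS__` for v2).
 * Callers use this to decide whether the explicit body fallback is required.
 */
function isTauriRuntime(g: object = globalThis): boolean {
  return "__TAURI__" in g || "__TAURI_INTERNALS__" in g;
}

/**
 * M7-02: build the PUT path for a config item. Only a non-empty string ID is
 * accepted; a boolean such as the `exists` flag is rejected instead of being
 * stringified into the URL. Assumed route: PUT /config/items/{id}.
 */
function configItemPath(id: unknown): string {
  if (typeof id !== "string" || id.trim() === "") {
    throw new TypeError(`config item id must be a non-empty string, got ${typeof id}`);
  }
  return `/config/items/${encodeURIComponent(id)}`;
}

/**
 * M7-03: build the Key URI (otpauth://totp/...) locally. This string is what a
 * local QR library renders; the Base32 secret stays on the device instead of
 * being placed in a request to api.qrserver.com.
 */
function buildOtpauthUri(issuer: string, account: string, base32Secret: string): string {
  if (!/^[A-Z2-7]+=*$/.test(base32Secret)) {
    throw new TypeError("secret must be Base32 (A-Z, 2-7)");
  }
  const label = `${encodeURIComponent(issuer)}:${encodeURIComponent(account)}`;
  return `otpauth://totp/${label}?secret=${base32Secret}&issuer=${encodeURIComponent(issuer)}`;
}

// Usage with constructed sample values (not real credentials).
const sampleRefresh = buildRefreshRequest("https://saas.example.com/", "rt-sample-123");
const samplePath = configItemPath("relay.default-model");
const sampleUri = buildOtpauthUri("OpenFang", "alice@example.com", "JBSWY3DPEHPK3PXP");
console.log(sampleRefresh.url, sampleRefresh.init.body, samplePath, sampleUri);
```

In the client, `buildRefreshRequest` would be called with the stored token only when `isTauriRuntime()` is true (or when the first cookie-only attempt returns 401), so the browser build keeps relying on the HttpOnly cookie and the desktop build never refreshes with an empty request.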