pullrequests Search Results · language:Edge language:TypeScript language:HTML language:JavaScript language:Python language:Python
257M results
Summary
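ADMIN_TOKEN is a super token independent of the users table; its administrative privileges do not depend on the existence of any admin account. Previously, the guard against deleting/demoting/disabling the "last active admin" (LastActiveAdminError → 409) applied to all callers across the board, so
ADMIN_TOKEN, an identity that already holds the highest privileges, was blocked as well. This PR exempts ADMIN_TOKEN callers from that guard; admins logged in with an account remain subject to it.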
Related ...
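- Add AppLayout: TopNav + 240px Sidebar + content area, shared by all roles
- Add auth store: manages token/user/permissions, supports restoring state on page refresh
- Add route guards: redirect when not logged in, permission checks, token restoration
- Add role menu configuration: sidebar navigation items for each of the 4 roles
- Add LoginView, DashboardView (placeholder), 404 and 403 pages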
…n, room, and UE lists for cleaner UI
Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a
plan and make progress.
This section details on the original issue you should resolve ...
This PR contains the following updates:
| Package | Change | Age | Confidence |
| --- | --- | --- | --- |
| esbuild | 0.28.0 → 0.28.1 | age | confidence |
esbuild allows arbitrary file read when running ...
security
Summary
The Dashboard Security Audit gate (npm audit on web/) is red on main, which fails the aggregate CI Pass check on every
PR — including the open Renovate dependency PRs #2345 (web), #2346 (infra), ...
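Problem description
1. Every call to the distribution card/coupon API queries the database for secret_key, putting unnecessary load on the database in high-frequency scenarios
2. The pickup endpoint has no rate limiting, leaving it exposed to malicious bulk-order abuse
3. Delivery records for which no response is received after the WebSocket send stay in the unknown state permanently, which affects the accuracy of delivery statistics
Fix
1. Secret key cache optimization
- Add a 5-minute TTL in-memory cache (_secret_key_cache) to _get_secret_key ...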
- new recipe: two-DB boundary diagram, ChatGPT-style schema, what-not-to-store, per-turn request lifecycle,
recommended meta keys, safe-querying note
- state-persistence: callout pointing product ...
🤖 AI Security Remediation
🟢 Auto-merge eligible — will merge after CI passes.
📊 Analysis
- Severity: MEDIUM
- Confidence: 85%
- Auto-fix allowed: True
📝 Summary
The code uses subprocess to execute ...
ai-remediation
severity-medium