huangzhenpc/sub2api-ht
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cf2d5067c335baea60687deb91d8ffc8057486d5
sub2api-ht/frontend
History
Michael-Jetson cf2d5067c3 fix(security): add JWT auth + visibility check to pages API 
- GET /pages/:slug now requires JWT + checks custom_menu_items visibility
- GET /pages (list) is admin-only
- GET /pages/:slug/images/* uses visibility check without JWT (browser
  img tags cannot carry auth headers), blocks admin-only page images
- Frontend fetch adds Authorization header from authStore.token
- settingService nil guard changed to fail-closed (deny access)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-05 07:00:08 -07:00
..
public
revert: remove fork-only changes from release sync
2026-04-23 21:40:58 +08:00
src
fix(security): add JWT auth + visibility check to pages API
2026-05-05 07:00:08 -07:00
.eslintignore
chore: 添加ESLint忽略配置
2026-01-12 11:44:34 +08:00
.eslintrc.cjs
.npmrc
audit.json
index.html
package.json
chore: remove openspec and update axios
2026-05-05 17:13:25 +08:00
pnpm-lock.yaml
chore: remove openspec and update axios
2026-05-05 17:13:25 +08:00
postcss.config.js
tailwind.config.js
perf(前端): 移除 Google Fonts 改用系统字体栈
2026-01-16 19:49:33 +08:00
tsconfig.json
merge upstream main
2026-02-02 22:13:50 +08:00
tsconfig.node.json
vite.config.ts
feat: add OpenAI image generation controls
2026-05-05 03:26:54 +08:00
vitest.config.ts
revert: remove fork-only changes from release sync
2026-04-23 21:40:58 +08:00