fix(安全): 修复上游校验与 URL 清理问题

增加请求阶段 DNS 解析校验，阻断重绑定到私网补充默认透传 WWW-Authenticate 头，保留认证挑战前端相对 URL 过滤拒绝 // 协议相对路径测试: go test ./internal/repository -run TestGitHubReleaseServiceSuite 测试: go test ./internal/repository -run TestTurnstileServiceSuite 测试: go test ./internal/repository -run TestProxyProbeServiceSuite 测试: go test ./internal/repository -run TestClaudeUsageServiceSuite
2026-01-03 10:52:24 +08:00
parent bd4bf00856
commit 25e1632628
18 changed files with 168 additions and 58 deletions
--- a/backend/internal/repository/turnstile_service_test.go
+++ b/backend/internal/repository/turnstile_service_test.go
@@ -41,6 +41,7 @@ func (s *TurnstileServiceSuite) TearDownTest() {
 func (s *TurnstileServiceSuite) setupServer(handler http.HandlerFunc) {
 	s.srv = httptest.NewServer(handler)
 	s.verifier.verifyURL = s.srv.URL
+	s.verifier.httpClient = s.srv.Client()
 }

 func (s *TurnstileServiceSuite) TestVerifyToken_SendsFormAndDecodesJSON() {