fix(安全): 修复上游校验与 URL 清理问题

增加请求阶段 DNS 解析校验，阻断重绑定到私网补充默认透传 WWW-Authenticate 头，保留认证挑战前端相对 URL 过滤拒绝 // 协议相对路径测试: go test ./internal/repository -run TestGitHubReleaseServiceSuite 测试: go test ./internal/repository -run TestTurnstileServiceSuite 测试: go test ./internal/repository -run TestProxyProbeServiceSuite 测试: go test ./internal/repository -run TestClaudeUsageServiceSuite
2026-01-03 10:52:24 +08:00
parent bd4bf00856
commit 25e1632628
18 changed files with 168 additions and 58 deletions
--- a/backend/internal/util/responseheaders/responseheaders.go
+++ b/backend/internal/util/responseheaders/responseheaders.go
@@ -31,6 +31,7 @@ var defaultAllowed = map[string]struct{}{
 	"x-ratelimit-reset-tokens":       {},
 	"retry-after":                    {},
 	"location":                       {},
+	"www-authenticate":               {},
 }

 // hopByHopHeaders 是跳过的 hop-by-hop 头部，这些头部由 HTTP 库自动处理