oadmin/sub2api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: address audit findings for notify, websearch and security

Browse Source 
- Fix GetByKeyForAuth missing user.FieldEmail and user.FieldUsername (notifications sent to empty address)
- Guard against empty email in collectBalanceNotifyRecipients
- Remove non-atomic TotalRecharged read-modify-write in admin balance adjustment
- HTML-escape userName/siteName/accountName in notification email templates
- Fix timer leak in ProfileBalanceNotifyCard (add onUnmounted cleanup)
- Add warning log on websearch proxy URL resolution failure
This commit is contained in:
erio
2026-04-12 18:11:47 +08:00
parent eba289a7ff
commit 4e96a6faec
5 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/internal/repository/api_key_repo.go
View File

@@ -139,6 +139,8 @@ func (r *apiKeyRepository) GetByKeyForAuth(ctx context.Context, key string) (*se
WithUser(func(q *dbent.UserQuery) {
q.Select(
user.FieldID,
user.FieldEmail,
user.FieldUsername,
user.FieldStatus,
user.FieldRole,
user.FieldBalance,