feat(安全): 强化安全策略与配置校验

- 增加 CORS/CSP/安全响应头与代理信任配置 - 引入 URL 白名单与私网开关，校验上游与价格源 - 改善 API Key 处理与网关错误返回 - 管理端设置隐藏敏感字段并优化前端提示 - 增加计费熔断与相关配置示例测试: go test ./...
2026-01-02 17:40:57 +08:00
parent 3fd9bd4a80
commit bd4bf00856
46 changed files with 1572 additions and 220 deletions
--- a/backend/internal/service/settings_view.go
+++ b/backend/internal/service/settings_view.go
@@ -8,6 +8,7 @@ type SystemSettings struct {
 	SmtpPort     int
 	SmtpUsername string
 	SmtpPassword string
+	SmtpPasswordConfigured bool
 	SmtpFrom     string
 	SmtpFromName string
 	SmtpUseTLS   bool
@@ -15,6 +16,7 @@ type SystemSettings struct {
 	TurnstileEnabled   bool
 	TurnstileSiteKey   string
 	TurnstileSecretKey string
+	TurnstileSecretKeyConfigured bool

 	SiteName     string
 	SiteLogo     string