erio
a9880ee7b9
fix: round-2 audit fixes — security, code quality, and UI improvements
Security (HIGH):
- Normalize all Redis cache keys to lowercase (verifyCode, passwordReset)
- Fix verify code TTL renewal on failed attempts: use remaining TTL via
ExpiresAt field instead of resetting to full 15-minute window
- Add 3 missing fields to diffSettings audit log (promo_code, invitation_code,
custom_endpoints)
Code quality (MEDIUM):
- Extract filterVerifiedEmails shared helper (balance_notify_service.go)
- Add Pricing array non-empty validation for channel pricing rules
- Add platform token semantics comment in gateway_service.go
- Complete validatePlanPatch test coverage (+10 test cases)
- Replace string types with QuotaThresholdType/QuotaResetMode across frontend
- Remove duplicate getPlatformTextColor/getRateBadgeClass in ChannelsView
- Return EMAIL_NOT_FOUND error on RemoveNotifyEmail miss
UI improvements:
- Reorder cost tooltip: user billing above separator, account billing below
- Add NaN guard to accountBilled function
- Move timezone selector inline into reset-mode row (no longer standalone)
2026-04-14 09:35:05 +08:00
..
2026-02-10 00:37:56 +08:00
2026-04-14 09:35:05 +08:00
2026-04-14 09:35:05 +08:00
2026-04-09 02:20:51 +00:00
2026-04-04 11:13:58 +08:00
2026-04-13 06:55:57 +08:00
2025-12-29 19:38:33 +08:00
2026-03-19 22:27:55 +08:00
2026-03-24 10:22:08 +08:00
2026-04-13 19:24:33 +08:00
2026-04-13 14:07:12 +08:00
2026-04-14 09:26:08 +08:00