egg/PROJECT-CONTORL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement 8 OpenSpec proposals for security, reliability, and UX improvements

Browse Source 
## Security Enhancements (P0)
- Add input validation with max_length and numeric range constraints
- Implement WebSocket token authentication via first message
- Add path traversal prevention in file storage service

## Permission Enhancements (P0)
- Add project member management for cross-department access
- Implement is_department_manager flag for workload visibility

## Cycle Detection (P0)
- Add DFS-based cycle detection for task dependencies
- Add formula field circular reference detection
- Display user-friendly cycle path visualization

## Concurrency & Reliability (P1)
- Implement optimistic locking with version field (409 Conflict on mismatch)
- Add trigger retry mechanism with exponential backoff (1s, 2s, 4s)
- Implement cascade restore for soft-deleted tasks

## Rate Limiting (P1)
- Add tiered rate limits: standard (60/min), sensitive (20/min), heavy (5/min)
- Apply rate limits to tasks, reports, attachments, and comments

## Frontend Improvements (P1)
- Add responsive sidebar with hamburger menu for mobile
- Improve touch-friendly UI with proper tap target sizes
- Complete i18n translations for all components

## Backend Reliability (P2)
- Configure database connection pool (size=10, overflow=20)
- Add Redis fallback mechanism with message queue
- Add blocker check before task deletion

## API Enhancements (P3)
- Add standardized response wrapper utility
- Add /health/ready and /health/live endpoints
- Implement project templates with status/field copying

## Tests Added
- test_input_validation.py - Schema and path traversal tests
- test_concurrency_reliability.py - Optimistic locking and retry tests
- test_backend_reliability.py - Connection pool and Redis tests
- test_api_enhancements.py - Health check and template tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
beabigegg
2026-01-10 22:13:43 +08:00
parent 96210c7ad4
commit 3bdc6ff1c9
106 changed files with 9704 additions and 429 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
openspec/changes/archive/2026-01-10-add-rate-limiting-expansion/proposal.md Normal file
View File

@@ -0,0 +1,17 @@
# Change: Expand Rate Limiting to Sensitive API Endpoints
## Why
Currently only the login endpoint has rate limiting. Other sensitive operations (task creation, report generation, bulk operations) can be abused through excessive requests, potentially causing service degradation or enabling brute-force attacks.
## What Changes
- Apply rate limiting to task creation/update endpoints
- Apply rate limiting to report generation endpoints
- Apply rate limiting to bulk operation endpoints
- Add configurable rate limit tiers based on endpoint sensitivity
## Impact
- Affected specs: user-auth
- Affected code:
- `backend/app/api/tasks/router.py` - Task rate limits
- `backend/app/api/reports/router.py` - Report rate limits
- `backend/app/core/config.py` - Rate limit configuration