feat: implement security, error resilience, and query optimization proposals

Security Validation (enhance-security-validation):
- JWT secret validation with entropy checking and pattern detection
- CSRF protection middleware with token generation/validation
- Frontend CSRF token auto-injection for DELETE/PUT/PATCH requests
- MIME type validation with magic bytes detection for file uploads

Error Resilience (add-error-resilience):
- React ErrorBoundary component with fallback UI and retry functionality
- ErrorBoundaryWithI18n wrapper for internationalization support
- Page-level and section-level error boundaries in App.tsx

Query Performance (optimize-query-performance):
- Query monitoring utility with threshold warnings
- N+1 query fixes using joinedload/selectinload
- Optimized project members, tasks, and subtasks endpoints

Bug Fixes:
- WebSocket session management (P0): Return primitives instead of ORM objects
- LIKE query injection (P1): Escape special characters in search queries

Tests: 543 backend tests, 56 frontend tests passing

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -178,6 +178,24 @@ The system SHALL support explicit project membership to enable cross-department
|
||||
- **WHEN** a user not in project membership list attempts to access confidential project
|
||||
- **THEN** system denies access unless user is in the project's department
|
||||
|
||||
### Requirement: Optimized Relationship Loading
|
||||
The system SHALL use efficient query patterns to avoid N+1 query problems when loading related entities.
|
||||
|
||||
#### Scenario: Project member list loading
|
||||
- **WHEN** loading a project with its members
|
||||
- **THEN** the system SHALL load all members in at most 2 database queries
|
||||
- **AND** NOT one query per member
|
||||
|
||||
#### Scenario: Task assignee loading
|
||||
- **WHEN** loading a list of tasks with their assignees
|
||||
- **THEN** the system SHALL batch load assignee details
|
||||
- **AND** NOT query each assignee individually
|
||||
|
||||
#### Scenario: Query count monitoring
|
||||
- **WHEN** running in development mode
|
||||
- **THEN** the system SHALL log query counts per request
|
||||
- **AND** warn when query count exceeds threshold (e.g., 10 queries)
|
||||
|
||||
## Data Model
|
||||
|
||||
```
|
||||
|
||||
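Review bot: The "Query count monitoring" scenario gives its warning threshold only as "(e.g., 10 queries)", which leaves a SHALL requirement without a value a test can assert; state the default threshold and say where it is configured. The "Task assignee loading" scenario has the same gap: it requires the system to "batch load assignee details" but sets no bound, while "Project member list loading" commits to "at most 2 database queries". Giving the assignee case a comparable query-count limit would make all three scenarios verifiable. The monitoring scenario is also scoped to "development mode" only, so the spec should say whether query counts are intentionally unlogged elsewhere.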