egg/PROJECT-CONTORL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
150547d440a48e677c0bfbedbf5daf829658e561
PROJECT-CONTORL/backend/app/schemas/comment.py
beabigegg 35c90fe76b feat: implement 5 QA-driven security and quality proposals 
Implemented proposals from comprehensive QA review:

1. extend-csrf-protection
   - Add POST to CSRF protected methods in frontend
   - Global CSRF middleware for all state-changing operations
   - Update tests with CSRF token fixtures

2. tighten-cors-websocket-security
   - Replace wildcard CORS with explicit method/header lists
   - Disable query parameter auth in production (code 4002)
   - Add per-user WebSocket connection limit (max 5, code 4005)

3. shorten-jwt-expiry
   - Reduce JWT expiry from 7 days to 60 minutes
   - Add refresh token support with 7-day expiry
   - Implement token rotation on refresh
   - Frontend auto-refresh when token near expiry (<5 min)

4. fix-frontend-quality
   - Add React.lazy() code splitting for all pages
   - Fix useCallback dependency arrays (Dashboard, Comments)
   - Add localStorage data validation in AuthContext
   - Complete i18n for AttachmentUpload component

5. enhance-backend-validation
   - Add SecurityAuditMiddleware for access denied logging
   - Add ErrorSanitizerMiddleware for production error messages
   - Protect /health/detailed with admin authentication
   - Add input length validation (comment 5000, desc 10000)

All 521 backend tests passing. Frontend builds successfully.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 23:19:05 +08:00

53 lines
1.0 KiB
Python
Raw Blame History

from datetime import datetime
from typing import Optional, List
from pydantic import BaseModel, Field
class CommentCreate(BaseModel):
content: str = Field(..., min_length=1, max_length=5000)
parent_comment_id: Optional[str] = None
class CommentUpdate(BaseModel):
content: str = Field(..., min_length=1, max_length=5000)
class CommentAuthor(BaseModel):
id: str
name: str
email: str
class Config:
from_attributes = True
class MentionedUser(BaseModel):
id: str
name: str
email: str
class Config:
from_attributes = True
class CommentResponse(BaseModel):
id: str
task_id: str
parent_comment_id: Optional[str]
content: str
is_edited: bool
is_deleted: bool
created_at: datetime
updated_at: datetime
author: CommentAuthor
mentions: List[MentionedUser] = []
reply_count: int = 0
class Config:
from_attributes = True
class CommentListResponse(BaseModel):
comments: List[CommentResponse]
total: int
Reference in New Issue View Git Blame Copy Permalink