Files

beabigegg 35c90fe76b feat: implement 5 QA-driven security and quality proposals

Implemented proposals from comprehensive QA review:

1. extend-csrf-protection
   - Add POST to CSRF protected methods in frontend
   - Global CSRF middleware for all state-changing operations
   - Update tests with CSRF token fixtures

2. tighten-cors-websocket-security
   - Replace wildcard CORS with explicit method/header lists
   - Disable query parameter auth in production (code 4002)
   - Add per-user WebSocket connection limit (max 5, code 4005)

3. shorten-jwt-expiry
   - Reduce JWT expiry from 7 days to 60 minutes
   - Add refresh token support with 7-day expiry
   - Implement token rotation on refresh
   - Frontend auto-refresh when token near expiry (<5 min)

4. fix-frontend-quality
   - Add React.lazy() code splitting for all pages
   - Fix useCallback dependency arrays (Dashboard, Comments)
   - Add localStorage data validation in AuthContext
   - Complete i18n for AttachmentUpload component

5. enhance-backend-validation
   - Add SecurityAuditMiddleware for access denied logging
   - Add ErrorSanitizerMiddleware for production error messages
   - Protect /health/detailed with admin authentication
   - Add input length validation (comment 5000, desc 10000)

All 521 backend tests passing. Frontend builds successfully.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-12 23:19:05 +08:00

app

feat: implement 5 QA-driven security and quality proposals

2026-01-12 23:19:05 +08:00

migrations

feat: implement 8 OpenSpec proposals for security, reliability, and UX improvements

2026-01-10 22:13:43 +08:00

tests

feat: implement 5 QA-driven security and quality proposals

2026-01-12 23:19:05 +08:00

.env

feat: implement task management module

2025-12-29 00:31:34 +08:00

.env.example

feat: implement custom fields, gantt view, calendar view, and file encryption

2026-01-05 23:39:12 +08:00

.gitignore

feat: implement task management module

2025-12-29 00:31:34 +08:00

alembic.ini

feat: implement user authentication module

2025-12-28 23:41:37 +08:00

environment.yml

feat: implement task management module

2025-12-29 00:31:34 +08:00

pytest.ini

feat: implement user authentication module

2025-12-28 23:41:37 +08:00

README.md

feat: implement task management module

2025-12-29 00:31:34 +08:00

requirements.txt

feat: complete issue fixes and implement remaining features

2026-01-04 21:49:52 +08:00

README.md

PROJECT CONTROL Backend

FastAPI 後端服務

系統需求

必要服務

服務	版本	說明
Python	3.11+	執行環境
MySQL	8.0+	主要資料庫
Redis	6.0+	Session 存儲

Redis Server 安裝

Redis Python 套件 (redis==5.0.1) 僅為客戶端，需另外安裝 Redis Server：

macOS (Homebrew):

brew install redis
brew services start redis

Ubuntu/Debian:

sudo apt update
sudo apt install redis-server
sudo systemctl start redis-server
sudo systemctl enable redis-server

Docker:

docker run -d --name redis -p 6379:6379 redis:alpine

驗證安裝:

redis-cli ping
# 應回傳 PONG

環境建置

# 使用 Conda
conda env create -f environment.yml
conda activate pjctrl

# 或使用 pip
pip install -r requirements.txt

設定

複製並編輯環境變數：

cp .env.example .env

主要設定項目：

MYSQL_* - 資料庫連線
REDIS_* - Redis 連線
JWT_SECRET_KEY - JWT 簽名密鑰 (生產環境必須更換)
AUTH_API_URL - 外部認證 API

執行

# 開發模式
uvicorn app.main:app --reload --port 8000

# 生產模式
uvicorn app.main:app --host 0.0.0.0 --port 8000

資料庫遷移

# 升級至最新版本
alembic upgrade head

# 回滾一個版本
alembic downgrade -1

測試

pytest -v

README.md Unescape Escape

PROJECT CONTROL Backend

系統需求

必要服務

Redis Server 安裝

環境建置

設定

執行

資料庫遷移

測試

README.md