hicccc77/WeFlow
1
0
Fork 0
mirror of https://github.com/hicccc77/WeFlow.git synced 2026-04-08 15:08:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,404 Commits 4 Branches 65 Tags
33188485b708a8c200fb97821eee1faed66ddca6
Commit Graph

1404 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason
76a55998c2 Add files via upload 2026-04-06 14:09:22 +08:00
Jason
1ec8d54e96 Merge branch 'hicccc77:main' into main 2026-04-06 14:07:31 +08:00
huanghe
62395b275d fix(security): harden HTTP API service against multiple vulnerabilities 
1. Path traversal in /api/v1/media/ — use path.resolve() and verify
   resolved path stays within media base directory
2. DoS via unlimited POST body — add 10MB size limit to parseBody()
3. Default no-auth — reject all requests when httpApiToken is not
   configured instead of silently allowing everything
4. Overly permissive CORS — restrict Access-Control-Allow-Origin from
   wildcard (*) to localhost/127.0.0.1 only
5. Timing attack on token comparison — use crypto.timingSafeEqual()
   instead of === for token verification
6. Unsafe default bind address — revert httpApiHost default from
   0.0.0.0 back to 127.0.0.1 to prevent network exposure

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-06 14:06:31 +08:00
cc
57fad47f27 Merge pull request #649 from hicccc77/dev 
Dev
 2026-04-06 13:45:04 +08:00
cc
20c5381211 更新 2026-04-06 13:23:16 +08:00
Jason
b8cd9a8c38 Merge branch 'hicccc77:main' into main 2026-04-06 13:13:15 +08:00
cc
4335abe31b 更新 2026-04-06 13:08:32 +08:00
cc
e5f7b54a7b Merge pull request #648 from hicccc77/main 
Merge pull request #647 from hicccc77/dev
 2026-04-06 13:06:33 +08:00
cc
ea1ef03b98 Merge pull request #647 from hicccc77/dev 
Dev
 2026-04-06 13:06:10 +08:00
cc
8d374d4f49 Merge branch 'main' into dev 2026-04-06 13:06:02 +08:00
cc
f910e17e53 Merge pull request #644 from fortii2/fix/export-worker-config 
#580 修复与部分引用功能相关联的无法读取解密配置的问题
 2026-04-06 13:04:13 +08:00
cc
35a76aa04f Merge pull request #643 from fortii2/issue-580-partial-quote 
#580 引用消息支持部分引用显示和导出
 2026-04-06 12:58:57 +08:00
cc
5fce21d799 Merge pull request #641 from FATFATHAO/fix-package 
fix: node25使用pnpm拉取文件时,ajv导致拉取失败的问题
 2026-04-06 12:52:38 +08:00
cc
a32696ee13 Merge branch 'dev' into fix-package 2026-04-06 12:52:18 +08:00
cc
b573baec80 Merge pull request #646 from hicccc77/dev 
Dev
 2026-04-06 12:49:47 +08:00
cc
0d4feceffc Merge branch 'dev' of https://github.com/hicccc77/WeFlow into dev 2026-04-06 12:48:59 +08:00
cc
92abe73f0a 更新 2026-04-06 12:48:53 +08:00
Jason
7fa26b0716 Merge pull request #8 from Jasonzhu1207/v0/jasonzhu081207-4751-1e322b3f 
Enable AI insights and system-native notifications
 2026-04-06 12:43:38 +08:00
Jason
dc49bf3877 Update package.json 2026-04-06 12:29:51 +08:00
v0
d825dada59 fix: correct electron-builder upload for prerelease tags 
Remove 'releaseType: "release"' to allow automatic handling of prerelease tags.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-06 04:28:32 +00:00
cc
74a08732fe Merge pull request #645 from hicccc77/dev 
修复了一些问题
 2026-04-06 12:16:38 +08:00
cc
7033a77d71 Merge branch 'main' into dev 2026-04-06 12:16:28 +08:00
cc
3b26e0c014 修复了一些问题 2026-04-06 12:15:50 +08:00
Jason
81ec51be33 Update release.yml 2026-04-06 12:09:14 +08:00
Jason
fbecda9f1e Update release.yml 2026-04-06 11:59:57 +08:00
v0
b6950d4027 fix: correct GitHub Actions release download failure 
Add '|| true' to suppress exit code from failed downloads

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-06 03:58:10 +00:00
Jason
f31327b528 Merge pull request #7 from Jasonzhu1207/v0/jasonzhu081207-4751-e705ab05 
Enable AI insights and system-native notifications
 2026-04-06 11:39:56 +08:00
v0
c4c7df2608 fix: resolve insight tab loading and performance issues 
Fix chat session loading logic and optimize session retrieval performance.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-06 03:35:39 +00:00
ethan
b8bf29277a 修复与部分引用功能相关联的无法读取解密配置的问题 2026-04-05 17:48:12 -04:00
ethan
867f85e8f2 实现 #580 引用消息支持部分引用显示 2026-04-05 17:39:22 -04:00
Jason
7fb98d764a Merge pull request #6 from Jasonzhu1207/v0/jasonzhu081207-4751-03d90813 
Enable AI insights and system-native notifications
 2026-04-06 01:49:04 +08:00
v0
792621d982 feat: use Electron's native Notification API for reliable alerts 
Replace custom 'showNotification' with Electron's 'Notification' for system-level alerts.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-05 17:47:14 +00:00
fatfathao
337fe21d18 fix: node25使用pnpm拉取文件时,ajv导致拉取失败的问题 2026-04-06 01:40:06 +08:00
Jason
c92b50b6ec Merge pull request #5 from Jasonzhu1207/v0/jasonzhu081207-4751-8b63b98d 
Enable AI insights and whitelist management in settings
 2026-04-06 01:35:19 +08:00
v0
f83117df20 feat: update prompt to force insights output 
Modify prompt to encourage model to output insights, disallow SKIP in test mode.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-05 17:33:09 +00:00
Jason
b7b7260838 Merge pull request #4 from Jasonzhu1207/v0/jasonzhu081207-4751-507441fc 
Enable AI insights and whitelist management in settings
 2026-04-06 01:22:46 +08:00
v0
dd960d30ff fix: remove leftover old catch block 
Clean up mismatched catch block from previous edit.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-05 17:21:24 +00:00
v0
89f3ec57f5 feat: add configurable AI insight settings and desktop logging 
Introduce new configurable fields and log insights to desktop.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-05 17:20:23 +00:00
v0
95f1e73a39 fix: resolve core bugs and enhance logging for AI insights 
Fix aggressive activity analysis and loop bug, add detailed logs, and introduce test trigger button.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-05 17:11:05 +00:00
Jason
aa029fe113 Merge pull request #3 from Jasonzhu1207/v0/jasonzhu081207-4751-c1e23024 
Enable AI insights and whitelist management in settings
 2026-04-06 00:45:11 +08:00
v0
5971757a28 feat: add aiInsightWhitelist to settings page 
Implement aiInsightWhitelist feature with UI and filtering logic.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-05 16:42:43 +00:00
Jason
1e16ea887b Merge pull request #2 from Jasonzhu1207/v0/jasonzhu081207-4751-3942175b 
Add AI insights service and settings tab
 2026-04-06 00:12:13 +08:00
v0
837f15c5e8 fix: update repository owner and URL in electron-builder config 
Correct hardcoded owner and repository URL in package.json for proper release publishing.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-05 16:10:37 +00:00
Jason
f71ff7392c Update package.json 2026-04-05 23:59:09 +08:00
Jason
97ba95e2be Update repository URL in package.json 2026-04-05 23:58:17 +08:00
v0
6aae23180f fix: resolve TypeScript errors in GitHub Actions build 
Fix type issues and update import syntax for better compatibility.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-05 15:51:40 +00:00
v0
49e82e43e4 fix: resolve TypeScript type issues in CI builds 
Fix multiple type errors and improve type checks in build scripts.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-05 15:50:00 +00:00
Jason
301c490893 Merge pull request #1 from Jasonzhu1207/ai 
Add AI insights service and settings tab
 2026-04-05 23:33:04 +08:00
v0
93a9df48f4 feat: implement AI insights service and settings tab 
Add core insight service and IPC handlers; update config and settings page.

Co-authored-by: Jason <159670257+Jasonzhu1207@users.noreply.github.com>
 2026-04-05 15:32:22 +00:00
cc
209b91bfef Merge pull request #638 from hicccc77/dev 
Dev
 2026-04-05 19:21:28 +08:00