huanghe
62395b275d
fix(security): harden HTTP API service against multiple vulnerabilities
...
1. Path traversal in /api/v1/media/ — use path.resolve() and verify
resolved path stays within media base directory
2. DoS via unlimited POST body — add 10MB size limit to parseBody()
3. Default no-auth — reject all requests when httpApiToken is not
configured instead of silently allowing everything
4. Overly permissive CORS — restrict Access-Control-Allow-Origin from
wildcard (*) to localhost/127.0.0.1 only
5. Timing attack on token comparison — use crypto.timingSafeEqual()
instead of === for token verification
6. Unsafe default bind address — revert httpApiHost default from
0.0.0.0 back to 127.0.0.1 to prevent network exposure
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 14:06:31 +08:00
cc
209b91bfef
Merge pull request #638 from hicccc77/dev
...
Dev
2026-04-05 19:21:28 +08:00
cc
1049f55118
Merge branch 'dev' of https://github.com/hicccc77/WeFlow into dev
2026-04-05 14:53:14 +08:00
cc
ba7785a359
Fix release date issue
2026-04-05 14:53:11 +08:00
cc
e6c821d3ee
Merge pull request #637 from hicccc77/dev
...
Interaction detail fixes and code fixes
2026-04-05 11:24:35 +08:00
cc
17a7741697
Merge branch 'main' into dev
2026-04-05 11:24:26 +08:00
cc
f00525d21a
Interaction detail fixes and code fixes
2026-04-05 10:57:49 +08:00
cc
f5c79c1fab
Merge pull request #636 from hicccc77/dev
...
Dev
2026-04-04 23:27:27 +08:00
cc
4fc0a92651
Update resource files
2026-04-04 23:25:21 +08:00
cc
585ec39f8e
Merge branch 'dev' of https://github.com/hicccc77/WeFlow into dev
2026-04-04 23:14:57 +08:00
cc
a0189fdd0a
Fix #597; implement #556; fix #623 and #543; fix card image issue
2026-04-04 23:14:54 +08:00
cc
ede31732b3
Merge pull request #634 from BeiChen-CN/main
...
feat: support exporting files from chat history
2026-04-04 20:16:05 +08:00
姜北尘
a60381522d
fix
2026-04-04 20:04:01 +08:00
姜北尘
64010ad86b
feat: add file export
2026-04-04 19:45:05 +08:00
cc
e628154b78
Merge pull request #632 from hicccc77/dev
...
Dev
2026-04-04 14:04:47 +08:00
cc
e5baf5e994
Merge branch 'main' into dev
2026-04-04 14:04:35 +08:00
cc
05fdbab496
Update information
2026-04-04 13:26:06 +08:00
cc
512b1f6455
Merge branch 'dev' of https://github.com/hicccc77/WeFlow into dev
2026-04-04 10:57:46 +08:00
cc
5615d83f04
Fix update channel issue
2026-04-04 10:57:43 +08:00
cc
ee38918516
Merge pull request #630 from hicccc77/dev
...
Dev
2026-04-04 09:54:46 +08:00
H3CoF6
d1b8d86a20
Merge pull request #625 from H3CoF6/dev
...
Fix some biz issues
2026-04-04 02:58:54 +08:00
H3CoF6
25ef7c5d8a
Faster sorting
2026-04-04 02:52:12 +08:00
H3CoF6
db429abf5b
Sort by time
2026-04-04 02:34:57 +08:00
H3CoF6
19d5ae7e15
fix: fix account type, remove ad accounts
2026-04-04 01:53:03 +08:00
cc
fcbd613f4a
Merge branch 'dev' of https://github.com/hicccc77/WeFlow into dev
2026-04-03 23:23:47 +08:00
cc
5fae370c55
Update packaging
2026-04-03 23:23:42 +08:00
xuncha
f2dbe6ee8f
Merge pull request #622 from xunchahaha/dev
...
Dev
2026-04-03 21:11:08 +08:00
xuncha
0175a6998b
Merge branch 'dev' into dev
2026-04-03 21:08:36 +08:00
xuncha
758de9949b
Add launch at startup [Enhancement]: Hope silent start and launch at startup can be supported
...
Fixes #516
2026-04-03 21:08:05 +08:00
xuncha
81b8960d41
Support exporting the two-person annual report [Enhancement]: The two-person annual report cannot be exported, but the overall annual report can
...
Fixes #531
2026-04-03 21:07:44 +08:00
xuncha
5b25619b24
Merge pull request #620 from xunchahaha/dev
...
Add parsing for card links
2026-04-03 20:50:44 +08:00
xuncha
62e23aaf23
Add parsing for card links
2026-04-03 20:47:15 +08:00
cc
aac8eed898
Merge branch 'dev' of https://github.com/hicccc77/WeFlow into dev
2026-04-03 20:35:10 +08:00
cc
108980befb
Fixed some issues
2026-04-03 20:34:57 +08:00
xuncha
a6c899c098
Merge pull request #557 from jinkangHe/dev
...
feat(sns): add Moments-related API
2026-04-03 20:14:57 +08:00
xuncha
28170d31df
Merge branch 'dev' into dev
2026-04-03 20:11:25 +08:00
cc
ce8d272d6e
Merge pull request #619 from hicccc77/dev
...
Dev
2026-04-03 20:10:37 +08:00
cc
0047685f54
Fixed some issues
2026-04-03 20:09:37 +08:00
xuncha
2cc0fc64a4
Merge branch 'dev' into dev
2026-04-03 20:08:03 +08:00
xuncha
67642cebfd
fix(http): stream live sns media and clarify docs
2026-04-03 20:07:11 +08:00
cc
327dc85d14
Optimize channel structure
2026-04-03 20:05:23 +08:00
cc
8c4f42bab1
Merge branch 'dev' into dev
2026-04-03 19:52:35 +08:00
cc
40c29e494c
Update configuration file
2026-04-03 19:49:43 +08:00
xuncha
0235ec7edc
Merge branch 'dev' into dev
2026-04-03 19:49:29 +08:00
cc
fa2a000624
Merge pull request #617 from hicccc77/dependabot/npm_and_yarn/dev/electron-store-11.0.2
...
chore(deps): bump electron-store from 10.1.0 to 11.0.2
2026-04-03 19:43:41 +08:00
dependabot[bot]
861b24cef1
chore(deps): bump electron-store from 10.1.0 to 11.0.2
...
Bumps [electron-store](https://github.com/sindresorhus/electron-store) from 10.1.0 to 11.0.2.
- [Release notes](https://github.com/sindresorhus/electron-store/releases)
- [Commits](https://github.com/sindresorhus/electron-store/compare/v10.1.0...v11.0.2)
---
updated-dependencies:
- dependency-name: electron-store
dependency-version: 11.0.2
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-03 11:42:44 +00:00
cc
ee1977384e
Merge pull request #616 from hicccc77/dependabot/npm_and_yarn/dev/react-router-dom-7.14.0
...
chore(deps): bump react-router-dom from 7.13.2 to 7.14.0
2026-04-03 19:41:56 +08:00
cc
5d08505f62
Merge pull request #614 from hicccc77/dependabot/npm_and_yarn/dev/electron-41.1.1
...
chore(deps-dev): bump electron from 39.8.6 to 41.1.1
2026-04-03 19:41:32 +08:00
cc
ab21124327
Merge branch 'dev' into dependabot/npm_and_yarn/dev/electron-41.1.1
2026-04-03 19:41:16 +08:00
cc
1df792ec9c
Merge branch 'dev' of https://github.com/hicccc77/WeFlow into dev
2026-04-03 19:35:11 +08:00