c885051ab3
fix: nginx config serving assets as text/html instead of correct MIME type
Build and Deploy / build-and-deploy (push) Failing after 20s
2026-04-04 12:58:28 +08:00
seaislee1209
34e56ddf86
feat: v0.16.0 即时上传 + 音频视频前端校验 + 资产页修复 + Toast UI
...
- 即时上传:拖入文件后立刻上传 TOS,spinner/红色重试/禁用提交
- 音频校验:格式(MP3/WAV) + 时长[2,15.4]s + 总时长≤15.4s
- 视频校验:格式(MP4/MOV) + 时长[2,15.4]s + 总时长≤15.4s
- 后端 blob: URL 兜底拦截 + 音频错误文案优化
- 资产页:nginx 403 修复 + 倒序排列 + 加载更多按钮
- Toast:glass-card 毛玻璃风格 + 橙色感叹号图标
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 11:12:06 +08:00
seaislee1209
d9a12af078
fix: v0.8.5 安全加固 — CRITICAL/HIGH 漏洞修复
...
- C1/C2: 移除 settings.py 中硬编码的数据库密码和 SECRET_KEY 默认值
- K8s: DB_PASSWORD/DB_HOST/DB_USER/DJANGO_SECRET_KEY 改为 secretKeyRef
- H1: DEBUG 默认值从 True 改为 False
- H2: 登录接口添加 ScopedRateThrottle (5/min),全局限流 (anon 30/min, user 120/min)
- H4: Django Admin 仅在 DEBUG=True 时注册
- H6: PromptInput innerHTML 使用 DOMPurify 消毒防止 XSS
- H7: ALLOWED_HOSTS 从 "*" 收紧为实际域名
- H9: Nginx 添加安全响应头 + server_tokens off
- M1: 密码策略加强 (min 8 + CommonPassword + NumericPassword)
- M5: Django 生产环境安全头配置
- L1: 登录接口改为 POST-only
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 02:08:50 +08:00
f42eb64e25
Add CI/CD pipeline and K8S deployment
...
Build and Deploy / build-and-deploy (push) Successful in 3m13s
- Backend/Web Dockerfiles with multi-stage builds
- K8S deployments, services, and ingress for both domains
- Gitea Actions workflow: build → push to SWR → deploy to K3s
- Health check endpoint (/healthz/)
- CORS env var support for production domains
- Nginx reverse proxy for frontend → backend API
Domains:
- video-huoshan-api.airlabs.art (backend)
- video-huoshan-web.airlabs.art (frontend)
2026-03-13 10:24:31 +08:00
