- C1/C2: 移除 settings.py 中硬编码的数据库密码和 SECRET_KEY 默认值 - K8s: DB_PASSWORD/DB_HOST/DB_USER/DJANGO_SECRET_KEY 改为 secretKeyRef - H1: DEBUG 默认值从 True 改为 False - H2: 登录接口添加 ScopedRateThrottle (5/min),全局限流 (anon 30/min, user 120/min) - H4: Django Admin 仅在 DEBUG=True 时注册 - H6: PromptInput innerHTML 使用 DOMPurify 消毒防止 XSS - H7: ALLOWED_HOSTS 从 "*" 收紧为实际域名 - H9: Nginx 添加安全响应头 + server_tokens off - M1: 密码策略加强 (min 8 + CommonPassword + NumericPassword) - M5: Django 生产环境安全头配置 - L1: 登录接口改为 POST-only Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
{
|
|
"name": "jimeng-clone",
|
|
"private": true,
|
|
"version": "1.0.0",
|
|
"type": "module",
|
|
"scripts": {
|
|
"dev": "vite",
|
|
"build": "tsc -b && vite build",
|
|
"start": "vite preview",
|
|
"preview": "vite preview"
|
|
},
|
|
"dependencies": {
|
|
"@arco-design/web-react": "^2.64.0",
|
|
"axios": "^1.13.6",
|
|
"dompurify": "^3.3.3",
|
|
"echarts": "^6.0.0",
|
|
"echarts-for-react": "^3.0.6",
|
|
"react": "^18.3.1",
|
|
"react-dom": "^18.3.1",
|
|
"react-router-dom": "^7.13.1",
|
|
"zustand": "^5.0.3"
|
|
},
|
|
"devDependencies": {
|
|
"@playwright/test": "^1.58.2",
|
|
"@testing-library/jest-dom": "^6.9.1",
|
|
"@testing-library/react": "^16.3.2",
|
|
"@testing-library/user-event": "^14.6.1",
|
|
"@types/dompurify": "^3.0.5",
|
|
"@types/react": "^18.3.18",
|
|
"@types/react-dom": "^18.3.5",
|
|
"@types/react-router-dom": "^5.3.3",
|
|
"@vitejs/plugin-react": "^4.3.4",
|
|
"jsdom": "^28.1.0",
|
|
"typescript": "~5.6.2",
|
|
"vite": "^6.0.5",
|
|
"vitest": "^4.0.18"
|
|
}
|
|
}
|
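Review bot: The devDependencies entry `"@types/dompurify": "^3.0.5",` is redundant next to `"dompurify": "^3.3.3"`, since DOMPurify from 3.2 onward ships its own TypeScript declarations and the DefinitelyTyped package was reduced to a deprecation stub that the caret range will resolve to; dropping the line keeps the sanitizer added for the H6 fix to a single package in the supply chain. If the repository does not commit a lockfile, the caret ranges in this manifest also mean the exact DOMPurify release installed is not reproducible between builds, so a committed package-lock.json installed with `npm ci` would pin what the XSS mitigation actually runs. The page shows the whole file without side markers, so which of these lines the commit changed cannot be told from here.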