seaislee1209 d9a12af078 fix: v0.8.5 安全加固 — CRITICAL/HIGH 漏洞修复 ...

- C1/C2: 移除 settings.py 中硬编码的数据库密码和 SECRET_KEY 默认值
- K8s: DB_PASSWORD/DB_HOST/DB_USER/DJANGO_SECRET_KEY 改为 secretKeyRef
- H1: DEBUG 默认值从 True 改为 False
- H2: 登录接口添加 ScopedRateThrottle (5/min)，全局限流 (anon 30/min, user 120/min)
- H4: Django Admin 仅在 DEBUG=True 时注册
- H6: PromptInput innerHTML 使用 DOMPurify 消毒防止 XSS
- H7: ALLOWED_HOSTS 从 "*" 收紧为实际域名
- H9: Nginx 添加安全响应头 + server_tokens off
- M1: 密码策略加强 (min 8 + CommonPassword + NumericPassword)
- M5: Django 生产环境安全头配置
- L1: 登录接口改为 POST-only

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-16 02:08:50 +08:00

.agent-auto

feat: integrate Seedance API key via K8s Secret and auto-create admin user

2026-03-15 00:41:22 +08:00

.gitea/workflows

feat: v0.8.0 — Seedance API 全流程修复 + TOS 视频持久化

2026-03-15 21:26:27 +08:00

.playwright-mcp

add agent-auto file

2026-03-13 10:03:12 +08:00

backend

fix: v0.8.5 安全加固 — CRITICAL/HIGH 漏洞修复

2026-03-16 02:08:50 +08:00

docs

fix: v0.8.5 安全加固 — CRITICAL/HIGH 漏洞修复

2026-03-16 02:08:50 +08:00

k8s

fix: v0.8.5 安全加固 — CRITICAL/HIGH 漏洞修复

2026-03-16 02:08:50 +08:00

logs

add agent-auto file

2026-03-13 10:03:12 +08:00

prototype

Initial commit: 即梦视频生成平台

2026-03-13 09:59:33 +08:00

web

fix: v0.8.5 安全加固 — CRITICAL/HIGH 漏洞修复

2026-03-16 02:08:50 +08:00

.gitignore

add 存储桶

2026-03-13 15:38:08 +08:00

CLAUDE.md

feat: v0.8.2~v0.8.4 — 管理后台 UI 修复 + 团队详情重构 + 审计日志系统

2026-03-16 01:18:44 +08:00

test-report.md

Initial commit: 即梦视频生成平台

2026-03-13 09:59:33 +08:00

Description

火山视频生成

96 MiB

Languages

TypeScript 51.6%

Python 27.3%

HTML 11.1%

CSS 9.9%

Dockerfile 0.1%