saa99999 a17fa5a103 Fix CWE-347: JWT algorithm confusion + CWE-798: hardcoded credentials in example config (#131) ...

- Add HMAC algorithm verification in ParseToken to prevent JWT algorithm
  confusion attacks (CWE-347). Reject tokens with non-HMAC signing methods.
- Replace hardcoded secrets in config.yml.example with empty values
  (JWT key, DB password, AES key) to prevent users from deploying with
  weak/known credentials (CWE-798).

2026-05-27 19:10:12 +08:00

..

conf.go

!134 feat: 新增支持es和连接池

2025-05-21 04:42:30 +00:00

f.go

feat: flow design & page query refactor

2025-05-20 21:04:47 +08:00

ginf.go

fix: sql脚本问题修复等

2024-04-23 11:35:45 +08:00

jwt.go

Fix CWE-347: JWT algorithm confusion + CWE-798: hardcoded credentials in example config (#131)

2026-05-27 19:10:12 +08:00

log_handler.go

refactor: 协程启动优化、tagviews调整

2026-01-20 19:45:46 +08:00

permission_handler.go

refactor: 前端生产路由改为history、依赖版本升级

2026-03-05 20:31:57 +08:00

req_ctx.go

refactor: 前端生产路由改为history、依赖版本升级

2026-03-05 20:31:57 +08:00

router.go

refactor: 包优化&其他问题修复

2026-01-25 14:16:16 +08:00

util.go

refactor: 参数绑定等优化

2026-02-07 13:12:07 +08:00