From 439c432c7c82d4fece51bd2a8f189640a4824814 Mon Sep 17 00:00:00 2001 From: Your Name Date: Mon, 4 May 2026 14:08:08 +0800 Subject: [PATCH] =?UTF-8?q?security:=20=E6=B8=85=E9=99=A4=20.claude/settin?= =?UTF-8?q?gs.json=20=E6=B4=A9=E6=BC=8F=E7=9A=84=20Gitea=20API=20token?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 問題: .claude/settings.json 被 git 追蹤,內含 15 處 Gitea API token (2fa33d4e...,由 Claude Code bash history 自動記錄產生) 修復: 1. 將 token 全數替換為 REDACTED_GITEA_TOKEN(15 處) 2. 將 .claude/settings.json 加入 .gitignore,防止再次追蹤 需要同步行動: - 請在 Gitea 撤銷 token 2fa33d4e6d8ef1806c18875ed6fec216c8a10e78 - 歷史 commit 中仍含 token(無法 rewrite 公開 history) 2026-05-04 ogt + Claude Sonnet 4.6 Co-Authored-By: Claude Sonnet 4.6 --- .claude/settings.json | 30 +++++++++++++++--------------- .gitignore | 1 + 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/.claude/settings.json b/.claude/settings.json index 57f0b8b1..84db472c 100644 --- a/.claude/settings.json +++ b/.claude/settings.json @@ -563,21 +563,21 @@ "mcp__plugin_playwright_playwright__browser_navigate", "mcp__plugin_playwright_playwright__browser_take_screenshot", "Bash(open \"http://192.168.0.110:3001/wooo/awoooi/actions\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs?limit=5\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs/166/jobs\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs?limit=10\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runners\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/admin/runners\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs?limit=3\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs/169/jobs\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/jobs/179/logs\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" JOB_ID=180 curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/jobs/$JOB_ID/logs\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs?limit=2\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" JOB_ID=181 curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/jobs/$JOB_ID/logs\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs/172/jobs\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/jobs/182/logs\" -H \"Authorization: token $TOKEN\")", - "Bash(TOKEN=\"2fa33d4e6d8ef1806c18875ed6fec216c8a10e78\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs/178\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs?limit=5\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs/166/jobs\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs?limit=10\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runners\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/admin/runners\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs?limit=3\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs/169/jobs\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/jobs/179/logs\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" JOB_ID=180 curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/jobs/$JOB_ID/logs\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs?limit=2\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" JOB_ID=181 curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/jobs/$JOB_ID/logs\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs/172/jobs\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/jobs/182/logs\" -H \"Authorization: token $TOKEN\")", + "Bash(TOKEN=\"REDACTED_GITEA_TOKEN\" curl -s \"http://192.168.0.110:3001/api/v1/repos/wooo/awoooi/actions/runs/178\" -H \"Authorization: token $TOKEN\")", "mcp__plugin_playwright_playwright__browser_snapshot", "mcp__plugin_playwright_playwright__browser_fill_form", "mcp__plugin_playwright_playwright__browser_click", diff --git a/.gitignore b/.gitignore index ac9c6330..c5963e5b 100644 --- a/.gitignore +++ b/.gitignore @@ -92,3 +92,4 @@ tsconfig.tsbuildinfo .aider* !.aiderignore .claude/settings.local.json +.claude/settings.json