fix(security): 體健修復 — 7項 Critical/Major 安全問題全修
Some checks failed
CD Pipeline / build-and-deploy (push) Failing after 35s

## Critical 修復 (C1-C5)
- C1: git rm --cached 03-secrets.yaml(CHANGE_ME 模板不再追蹤)
- C2: git rm --cached awoooi.db + .gitignore 加 *.db(SQLite HARD_RULES 違規)
- C3: sentry-tunnel SENTRY_HOST 改為 process.env fallback
- C4: config.py DATABASE_URL 移除 changeme default,改為必填
- C5: run_migration.py 改為 os.environ["DATABASE_URL"]

## Major 修復 (M1-M4)
- M1: auto_repair /execute 加 CSRF 保護 + AutoRepairPanel.tsx 同步
- M2: drift /rollback /adopt 加 CSRF 保護(/internal/scan 保持無 CSRF)
- M3: terminal /intent 加 CSRF 保護 + terminal.store.ts 同步
- M4: live-dashboard HOST_IPS + host-grid VIP 改為 env var

## 其他
- 新增 apps/web/.env.example(6 個 env var 說明)
- K8s deployment-web 補入 3 個新 env var
- 整合測試:新增 aider_event_repository + ai_router_feedback 真實 DB 測試
- test_terminal.py CSRF dependency override 修復

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Your Name
2026-04-22 01:27:39 +08:00
parent 3dbb3d70b4
commit d0591c54b0
21 changed files with 428 additions and 77 deletions

View File

@@ -16,6 +16,8 @@ Phase 8.2: API Router 實作
from fastapi import APIRouter, HTTPException, Query
from pydantic import BaseModel, Field
from src.core.csrf import CSRFToken # Phase 20: CSRF Protection
from src.services.auto_repair_service import (
get_auto_repair_service,
)
@@ -106,7 +108,7 @@ async def evaluate_auto_repair(incident_id: str) -> EvaluateResponse:
@router.post("/execute", response_model=ExecuteResponse)
async def execute_auto_repair(request: ExecuteRequest) -> ExecuteResponse:
async def execute_auto_repair(request: ExecuteRequest, _csrf_token: CSRFToken) -> ExecuteResponse: # Phase 20: CSRF Protection (驗證用,不需要使用值)
"""
執行自動修復

View File

@@ -15,6 +15,8 @@ leWOOOgo 積木化原則:
from fastapi import APIRouter, BackgroundTasks, HTTPException
from src.core.csrf import CSRFToken # Phase 20: CSRF Protection
from src.models.drift import (
DriftListResponse,
DriftReport,
@@ -95,7 +97,7 @@ async def list_drift_reports() -> DriftListResponse:
@router.post("/reports/{report_id}/rollback", summary="覆蓋回 Git 狀態")
async def rollback_drift(report_id: str) -> dict:
async def rollback_drift(report_id: str, _csrf_token: CSRFToken) -> dict: # Phase 20: CSRF Protection (驗證用,不需要使用值)
"""
將 K8s 狀態覆蓋回 Git YAMLkubectl apply
@@ -112,7 +114,7 @@ async def rollback_drift(report_id: str) -> dict:
@router.post("/reports/{report_id}/adopt", summary="承認變更並建立 Git PR")
async def adopt_drift(report_id: str) -> dict:
async def adopt_drift(report_id: str, _csrf_token: CSRFToken) -> dict: # Phase 20: CSRF Protection (驗證用,不需要使用值)
"""
承認 K8s 漂移,透過 Gitea PR API 將漂移寫回 Git

View File

@@ -34,6 +34,7 @@ from src.models.terminal import (
TerminalIntentResponse,
TerminalStatusResponse,
)
from src.core.csrf import CSRFToken # Phase 20: CSRF Protection
from src.services.terminal_service import TerminalService, get_terminal_service
# Type alias for dependency injection
@@ -58,6 +59,7 @@ logger = get_logger("awoooi.terminal.router")
async def submit_intent(
request: TerminalIntentRequest,
service: TerminalServiceDep,
_csrf_token: CSRFToken, # Phase 20: CSRF Protection (驗證用,不需要使用值)
) -> TerminalIntentResponse:
"""
提交意圖請求

View File

@@ -168,9 +168,10 @@ class Settings(BaseSettings):
# ==========================================================================
# Database (PostgreSQL on 192.168.0.188)
# ==========================================================================
# 2026-04-22 ogt: 移除含 changeme 的 default改為必填。
# 來源: K8s Secret awoooi-secrets → DATABASE_URL
DATABASE_URL: str = Field(
default="postgresql+asyncpg://awoooi:changeme@192.168.0.188:5432/awoooi_prod",
description="PostgreSQL connection URL",
description="PostgreSQL connection URL (必填,從 K8s Secret awoooi-secrets → DATABASE_URL 取得)",
)
# ==========================================================================