aa65f10c52
Audit docs:
- docs/reports/audit-phase-2{a-j}-line-walk.md: per-file line walk findings
- docs/reports/audit-phase-2-findings-matrix.md: 63 findings (52 fixed, 3 partial, 7 accepted)
- docs/reports/2026-05-23-full-audit-report.md: full audit consolidation
- docs/reports/audit-full-vs-phase2-reconciliation.md: cross-reference
- docs/reports/audit-phase-2-walk-closure.md: closure sign-off
Project docs:
- docs/project/phase-2-audit-remediation.md: SSOT for all fixes
- docs/project/alert-push-policy.md: dashboard alert design decisions
- docs/project/production-verification-checklist.md: first-deploy checklist
- docs/project/script-execution.md: script platform design
- docs/project/wsl-integration-test.md: WSL code-only verification guide
- docs/project/line-walk-audit-standard.md: audit methodology
- docs/project/mysql-mcp-setup.md: MCP config guide
Changelogs: 18 entries (2026-05-22 to 2026-05-23)
Project memory: CLAUDE.md, AGENTS.md updated to reflect current state
Deploy: nginx_https.conf template updated
Co-authored-by: Cursor <cursoragent@cursor.com>
839 B
839 B
全局 JWT 中间件(F2a-10 / F2d-02)
日期: 2026-05-22
变更
server/api/auth_jwt.py:新增JwtAuthMiddleware,对所有/api/*请求在路由处理前校验 Bearer JWT;公开前缀见PUBLIC_PREFIXES(含/api/install/、/api/auth/logout)。server/main.py:在DbSessionMiddleware内层注册中间件(保证request.state.db可用)。get_current_admin:复用request.state.admin,避免重复查库。- 安装模式(无
.env)跳过 JWT 中间件,由InstallModeMiddleware返回 503。
纵深防御
路由层 Depends(get_current_admin) 保留;即使新路由漏挂 Depends,中间件仍会返回 401。
验证
pytest tests/test_step0_infrastructure.py::TestJWTAuth tests/test_nexus_v6.py::TestJWTAuth tests/test_security_unit.py -q