de21b9fd38
feat: 手机验证码登录对接 + 注册tab + user_logined事件派发
...
- 新增 code_login.dspy: 接收前端表单(cell_no/codeid/check_code)
映射到sms_engine验证,返回UI widget含自动登录binds
- 修复 login.ui 手机验证码tab: gen_code按钮改用script调用
gen_sms_code.dspy并回写key到隐藏字段,submit指向code_login.dspy
- login.ui 新增注册tab: 用户名/手机号/密码/确认密码表单
- register.dspy: 注册成功后自动remember_user并返回含binds的
Message widget(加载userinfo、销毁登录窗、派发user_logined)
- up_login.dspy: 补充user_logined事件派发bind
- load_path.py: code_login.dspy加入any权限,gen_sms_code.dspy
从logined移至any(验证码发送在登录前)
2026-05-28 13:50:17 +08:00
54b0f3d7b6
fix: dispatch user_logined event after successful login
...
After login message is dismissed, dispatches 'user_logined' on bricks.app
so the sidebar menu reloads without requiring manual page reload.
2026-05-28 13:42:03 +08:00
9d2a94131a
feat: improve logout.dspy with refresh button
...
After logout, show success message with a button to reload the page,
which triggers the sidebar menu to re-render with unauthenticated state.
2026-05-27 17:58:15 +08:00
835a2ff3f7
fix: add filler css + overflowY:auto to content container
2026-05-26 13:57:42 +08:00
1b21f46336
feat: add index.ui as module entry with user management, path roles, and unauth file scan cards
2026-05-26 12:11:32 +08:00
f8c8a4ce4d
refactor: move RBAC tools logic to rbac/rbac_tools.py, dspy files call via request._run_ns
2026-05-26 09:32:38 +08:00
0b456486db
feat: add RBAC tools — list_path_roles, find_unauth_files, and permission registration script
2026-05-26 09:18:04 +08:00
c53c16d54c
feat: add RBAC tools — list_path_roles and find_unauth_files
2026-05-26 09:12:33 +08:00
04552941e5
bugfix
2026-05-22 16:54:08 +08:00
0ac6c83ead
bugfix
2026-05-18 16:00:42 +08:00
d168326f09
bugfix
2026-05-18 15:31:00 +08:00
3f2001378e
bugfix
2026-05-18 15:25:43 +08:00
d96444cf60
fix: replace getID() with uuid() in dspy context
2026-05-13 11:50:24 +08:00
cd82b345aa
fix: use dappid+userid for downapikey query/insert, matching actual table schema
2026-05-13 11:44:34 +08:00
f313877f4b
fix: remove non-existent kwdownapikey table, use downapikey directly for per-user apikey lookup
2026-05-13 11:22:04 +08:00
fe7025ac0f
fix: use kwdownapikey for per-user apikey existence check to prevent same org sharing apikey
2026-05-12 20:12:19 +08:00
d57d165a08
fix: add openCustomerAccounts call and fix sync message in usersync
2026-05-12 18:54:15 +08:00
59c321d941
fix: check user existence and register user/org if missing using rbac functions
2026-05-12 18:46:02 +08:00
e7193933ae
fix: ensure user and org are created in users table before apikey creation in usersync
2026-05-12 18:37:23 +08:00
2fb9098699
fix: correct indentation in batch loop, fix for-else bug causing continue syntax error
2026-05-12 18:30:56 +08:00
3bb57dafd7
fix: convert tabs to spaces in usersync/index.dspy to resolve TabError
2026-05-12 18:20:24 +08:00
f1ed6ad151
fix: verify user exists before returning existing apikey in usersync, clean stale downapikey records
2026-05-12 18:13:50 +08:00
09acce0637
fix: remove ServerEnv() usage in dspy script, change expires_at to expired_date
2026-05-12 18:03:32 +08:00
fb5a24c240
fix: add POST method to register form submit binding
2026-05-12 10:41:50 +08:00
ceb26adf53
feat: 添加用户同步接口 /rbac/usersync/
...
- 新增POST接口支持单个和批量用户同步到dapi模块
- 返回每个用户的dapi apikey
- 优先调用dapi模块的create_user_apikey函数
- 添加API说明书文档
2026-05-11 15:10:56 +08:00
ccf66ecd23
bugfix
2026-04-26 20:27:54 +08:00
0d5878f2ea
bugfix
2026-04-26 20:25:05 +08:00
a460c0b888
bugfix
2026-04-26 20:24:53 +08:00
fdabfc2261
bugfix
2026-04-26 20:14:56 +08:00
90e9e943b2
bugfix
2026-04-26 15:14:33 +08:00
7b36e2d159
bugfix
2026-04-26 15:02:32 +08:00
59f68c3141
bugfix
2026-04-26 15:01:05 +08:00
afceb713b7
bugfix
2026-04-26 12:29:35 +08:00
c0c9d0a489
fix: change datetime.now() to datetime.datetime.now() in up_login.dspy
...
ahserver pre-loads 'import datetime' module, so datetime class must be
accessed as datetime.datetime, not directly as datetime (which was only
valid when 'from datetime import datetime' was used).
2026-04-26 11:37:30 +08:00
1b5ae8aba9
fix: remove unnecessary 'from datetime import datetime' in up_login.dspy
...
datetime module is pre-loaded by ahserver framework, import statements
are not needed and not supported in .dspy files.
2026-04-26 11:32:48 +08:00
8aada101ca
fix(rbac): remove MySQL-specific SQL for cross-database compatibility
...
- Replace DATE_SUB(NOW(), INTERVAL 300 SECOND) with Python-level time check
- Replace NOW() with parameterized timestamps from Python
- Lockout check now done in _is_locked() function (DB-agnostic)
- All UPDATE statements use parameterized values, not DB functions
- Works with MySQL, PostgreSQL, SQLite, SQL Server, Oracle
2026-04-26 11:04:15 +08:00
622b0558b9
fix(rbac): fix high-concurrency race conditions in login and cache
...
1. Login lockout race condition:
- Replace SELECT-then-UPDATE with atomic database operations
- Lockout check now in SQL WHERE clause (DATE_SUB comparison)
- Fail count increment: UPDATE ... SET count = count + 1 (atomic)
- Applied to checkUserPassword, basic_auth, up_login.dspy, phone_login.dspy
2. Cache threading.Lock -> asyncio.Lock:
- LRUCache now uses lazy-init asyncio.Lock
- Prevents blocking the event loop in async environment
- UserPermissions._rp_lock also uses asyncio.Lock
- Double-check pattern in load_roleperms prevents duplicate DB loads
3. Use database NOW() instead of Python curDateString for concurrent updates
2026-04-26 10:58:13 +08:00
3fdd4efeff
feat(rbac): add login tracking, lockout, secure cache
...
- Add created_at, last_login, login_fail_count, last_login_fail fields
- 3 failed logins locks account for 5 minutes
- LRU+TTL cache for UserPermissions, thread-safe
- All login methods update last_login
- Migration SQL for existing databases
2026-04-26 10:49:01 +08:00
a8a5199c25
bugfix
2026-04-23 12:51:51 +08:00
704f7f3700
bugfix
2026-04-15 15:37:08 +08:00
188ce21b83
bugfix
2026-04-01 18:20:46 +08:00
593f60a7a0
bugfix
2026-04-01 18:19:16 +08:00
3098c3dd7e
bugfix
2026-04-01 18:05:51 +08:00
059df2aef2
bugfix
2026-03-26 11:49:12 +08:00
0c69929a72
bugfix
2026-03-25 17:40:17 +08:00
4bc14dfee1
bugfix
2026-03-25 14:11:46 +08:00
6ad1abd5cf
bugfix
2026-03-24 15:56:41 +08:00
5280e5fef9
bugfix
2026-03-24 15:54:05 +08:00
75207ce85d
bugfix
2026-03-24 15:43:24 +08:00
6eb707d8bf
bugfix
2026-03-23 11:11:09 +08:00
