kurihada/no-whatever
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复 API 500 响应泄露内部错误细节

Browse Source
This commit is contained in:
kurihada
2026-03-03 12:11:02 +08:00
parent 486193c823
commit 5a6d457a87
3 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
PROJECT_AUDIT_2026-03-03.md
+6 -1
View File
@@ -68,7 +68,12 @@
- 至少要求登录态;更稳妥是同时校验房间成员身份(若与房间上下文绑定);
- 配合限流(IP + 用户维度)。
### P1-2 API 错误响应直接回传内部异常细节(信息泄露)
### P1-2 API 错误响应直接回传内部异常细节(信息泄露)【已完成】
- 修复状态:✅ 已完成(2026-03-03
- 修复内容:
- `apiHandler` 对未知异常返回统一文案 `操作失败,请稍后重试`
- 内部异常细节仅保留在服务端日志;
- 更新对应单元测试断言。
- 证据:
- `src/lib/api.ts:63-65`500 响应包含 `ErrorName: message`
- 影响: