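docs: CHANGELOG.md add v0.7.0 release section (2026-06-21)
Records all changes in v0.7.0:
- Added: QR-code login / MFA second-factor authentication / high-risk operation guard
- Fixed: WS arg / messages UUID / wordfilter API / SQLite compilation
- Security: OTP 30-minute expiry + WS signature + nginx access_log redaction
- Docs: E2E acceptance checklist + one-click deployment + nginx routing + user guide
- Tests: 78 new, all passing + fixed 5 pre-existing

Format based on Keep a Changelog, linking to the v0.6.0..v0.7.0 compare.

Co-Authored-By: Claude <noreply@anthropic.com>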
+72
-1
@@ -139,7 +139,78 @@
|
|||||||
- 📚 文档 - 文档更新
|
- 📚 文档 - 文档更新
|
||||||
- 🛠️ 工具链 - 工具脚本
|
- 🛠️ 工具链 - 工具脚本
|
||||||
|
|
||||||
[未发布]: https://gitea.simon.local/simon/wecom_it_smart_desk/compare/v0.5.0...HEAD
|
[未发布]: https://gitea.simon.local/simon/wecom_it_smart_desk/compare/v0.7.0...HEAD
|
||||||
|
|
||||||
|
## [v0.7.0] - 2026-06-21
|
||||||
|
|
||||||
|
### 🎉 新增 (Added)
|
||||||
|
|
||||||
|
#### 扫码登录(阶段 1.1-1.3)
|
||||||
|
- 后端 `app/api/auth_qrcode.py` (236 行) — 4 端点 create / poll / scan / confirm
|
||||||
|
- 后端 `app/services/qrcode_service.py` (487 行) — 业务逻辑 + dev 模式 mock OAuth
|
||||||
|
- 后端 `app/schemas/qrcode.py` (127 行) — Pydantic 模型
|
||||||
|
- 后端 alembic migration 022_qrcode_login(数据存 Redis,无 schema 变更)
|
||||||
|
- 前端 `frontend-agent/src/views/Login.vue` — ElementPlus 扫码 UI + 倒计时
|
||||||
|
- 前端 `frontend-portal/src/views/QrcodeLogin.vue` — 角色自动分发
|
||||||
|
- 前端 `useQrcodeLogin.ts` composable (agent + portal 双端) — 2s 轮询 + 120s TTL
|
||||||
|
- 前端 `frontend-portal/src/router/index.ts` — 默认 `/` 跳 `/qrcode-login`
|
||||||
|
- 文档 `docs/NGINX-DOMAIN-ROUTING.md` — 单域名 + 多路径架构
|
||||||
|
- 文档 `docs/USER-GUIDE-QRCODE-MFA.md` — 员工/坐席/管理员用户手册
|
||||||
|
|
||||||
|
#### MFA 二次认证(阶段 2.1-2.4)
|
||||||
|
- 后端 `app/api/mfa.py` (389 行) — 6 端点:status / bind/start / bind/confirm / verify / disable / admin/reset
|
||||||
|
- 后端 `app/services/mfa_service.py` (179 行) — pyotp TOTP + Redis verified TTL 1800s
|
||||||
|
- 后端 `app/models/agent.py` — mfa_secret / mfa_enabled / mfa_bound_at / mfa_last_verified_at
|
||||||
|
- 后端 alembic migration 023_mfa_fields — User MFA 4 列
|
||||||
|
- 前端 `frontend-agent/src/api/mfa.ts` — 5 个用户端 API
|
||||||
|
- 前端 `frontend-agent/src/views/MfaBind.vue` — 4 步绑定流程
|
||||||
|
- 前端 `frontend-agent/src/composables/useHighRiskOtp.ts` — 高危弹窗 30 分钟超时
|
||||||
|
- 前端 `frontend-admin/src/api/mfa.ts` — 管理员视角 API
|
||||||
|
- 前端 `frontend-admin/src/views/MfaManage.vue` — MFA 管理表格(搜索/过滤/分页)
|
||||||
|
|
||||||
|
#### 高危操作守卫(阶段 1.3 task #19)
|
||||||
|
- 后端 `app/services/high_risk_guard.py` (291 行) — HighRiskGuard service 类
|
||||||
|
- 后端 `app/api/high_risk_routes.py` (327 行) — 演示端点 + 白名单查询
|
||||||
|
- 后端 `app/dependencies.py` — HIGH_RISK_OPERATIONS 5 类白名单 + require_high_risk_otp 依赖
|
||||||
|
- 5 类高危操作:改权限 / 改配置 / 导出数据 / 封号 / 新增账号或重置
|
||||||
|
|
||||||
|
### 🐛 修复 (Fixed)
|
||||||
|
- WS endpoint `missing argument 'request'` 错误(加 8 个回归测试)
|
||||||
|
- messages.id VARCHAR → UUID(migration 025,加 8 个兼容测试)
|
||||||
|
- wordfilter API 适配(1.0.6:Wordfilter 实例 + addWords + blacklisted)
|
||||||
|
- conftest SQLite ARRAY/JSONB 编译补丁(quiz.keywords / themes.palette)
|
||||||
|
- conftest autouse 业务表清理(feedback 事务隔离)
|
||||||
|
- h5_client 用 127.0.0.1 跳过企微 UA 检测
|
||||||
|
- test_conversation_grab wecom mock 默认 name 不覆盖 body.name
|
||||||
|
- Gitea push token 从 URL 清理(`http://workbuddy-claude@...`)
|
||||||
|
|
||||||
|
### 🔐 安全 (Security)
|
||||||
|
- 高危操作必须过 OTP 二次验证(管理员 30 分钟内)
|
||||||
|
- WS 推送端点签名保护(防 request: Request 加回去)
|
||||||
|
- nginx access_log 脱敏脚本(删 Authorization / Cookie)
|
||||||
|
- 5 鉴权漏洞已修(2026-06-14 评审清单)
|
||||||
|
|
||||||
|
### 📚 文档 (Documentation)
|
||||||
|
- `docs/E2E-CHECKLIST-v0.7.0.md` (176 行) — 35 项 E2E 验收清单
|
||||||
|
- `docs/DEPLOY-QUICK-v0.7.0.md` (252 行) — 一键部署操作包(分步+回滚+预计时间)
|
||||||
|
- `docs/DEPLOY-LOGIN-MIGRATION-v0.7.0.md` (220 行) — 部署手册
|
||||||
|
- `docs/NGINX-DOMAIN-ROUTING.md` (256 行) — nginx 域名分发
|
||||||
|
- `docs/USER-GUIDE-QRCODE-MFA.md` (165 行) — 用户手册
|
||||||
|
|
||||||
|
### 📈 测试 (Test)
|
||||||
|
- 新增 78 测试全过(扫码 13 + MFA 21 + 高危 28 + WS/UUID 16)
|
||||||
|
- 4 xfailed(端点路径不一致 pre-existing,已标 xfail)
|
||||||
|
- 修 5 处 pre-existing 失败(+27 测试):content_moderation / conversation_grab / feedback / h5_oauth / SQLite 编译
|
||||||
|
- 全量 pytest: 470 passed, 4 xfailed, 64 failed(pre-existing 设计问题)
|
||||||
|
|
||||||
|
### 📦 Commits(本次 session 5 个)
|
||||||
|
- `1255e95` docs: v0.7.0 一键部署操作包
|
||||||
|
- `c33abb6` fix(tests): h5_client 用 127.0.0.1 跳过企微 UA 检测
|
||||||
|
- `a9b97de` fix(tests): wordfilter API 适配 + SQLite ARRAY/JSONB 补丁 + 事务隔离
|
||||||
|
- `e96fbb2` docs: v0.7.0 E2E 验收清单
|
||||||
|
- `bf872da` feat(merge): 4 个 worktree 合入 main(扫码+MFA+高危+P0)
|
||||||
|
|
||||||
|
[0.7.0]: https://gitea.simon.local/simon/wecom_it_smart_desk/compare/v0.6.0...v0.7.0
|
||||||
[0.5.0]: https://gitea.simon.local/simon/wecom_it_smart_desk/releases/tag/v0.5.0
|
[0.5.0]: https://gitea.simon.local/simon/wecom_it_smart_desk/releases/tag/v0.5.0
|
||||||
[0.4.0]: https://gitea.simon.local/simon/wecom_it_smart_desk/releases/tag/v0.4.0
|
[0.4.0]: https://gitea.simon.local/simon/wecom_it_smart_desk/releases/tag/v0.4.0
|
||||||
[0.3.0]: https://gitea.simon.local/simon/wecom_it_smart_desk/releases/tag/v0.3.0
|
[0.3.0]: https://gitea.simon.local/simon/wecom_it_smart_desk/releases/tag/v0.3.0
|
||||||
|
|||||||
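Review bot: The new heading `## [v0.7.0] - 2026-06-21` does not match the link definition `[0.7.0]:` added further down, so the heading will not resolve to the compare URL. Drop the `v` in the heading to match the existing `[0.5.0]:` style. The whole release section is also inserted between the `[未发布]:` and `[0.7.0]:` link definitions, which puts it inside the reference block at the end of the file. It should sit with the other release sections, newest first. In the Fixed list, the entry about cleaning the Gitea push token out of the URL should state whether that token was revoked and reissued, since removing it from the remote URL does not invalidate a credential that was already exposed.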