4 Commits

Author	SHA1	Message	Date
long-agent	d4ec8a13e4	security(auth): raise Argon2id calibration minimums to OWASP thresholds (SEC-ARGON2) ... - Increase minimum iterations from 2 to 3 (OWASP minimum) - Increase minimum memory from 16MB to 19MB (19456KB, OWASP minimum) - Update comments to document the OWASP rationale Fixes: SEC-ARGON2	2026-05-08 10:24:10 +08:00
long-agent	7b047e2f11	perf: Sprint 19 P0/P1 性能优化落地 ... P0（高优先级）: - P0-1: 确认数据库复合索引已存在（GORM tag），composite_index_test 验证通过 - P0-2: 连接池调优 MaxIdleConns 5→10, ConnMaxLifetime 30min→5min - P0-3: Redis 智能探测（ProbeRedis），无 Redis 自动降级到纯内存模式 P1（中优先级）: - P1-1: GZIP 压缩中间件（compress/gzip 标准库，零新依赖） - P1-2: 权限缓存 TTL 30min→5min - P1-3: Argon2id 启动自适应校准（CalibrateArgon2id） 历史优化（含本次提交）: - L1Cache O(n)→O(1) LRU 重构 - Auth 中间件 DB 查询合并 + 5s L1 缓存 - Logger 异步化（4096 缓冲通道） 验证: go build/vet/test 41/41 PASS, govulncheck 无漏洞	2026-04-18 22:57:44 +08:00
long-agent	12a5be9826	fix: suppress gosec G115/G118 false positive warnings ... - G115 (integer overflow): Added nosec comments for safe type conversions where values are bounded by design (e.g., rng.Intn(255) returns 0-254) - G118 (context.Background): Added nosec for intentional async goroutines that use WithTimeout for bounded execution after request completes Note: G101 (hardcoded credentials) warnings are low-confidence false positives - OAuth fields use getEnv() to read from environment.	2026-04-08 22:50:42 +08:00
long-agent	dcc1f186f8	feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers	2026-04-02 11:19:50 +08:00