fix: address multiple code audit findings

- CORS: replace wildcard with explicit origin list from CORS_ORIGINS env - Auth: enforce strong defaults, JWT blacklist (RevokedToken model), login rate limiting - Auth: validate password length before bcrypt (72-byte limit) - Scheduler: single-threaded worker to mitigate SQLite write contention - Scheduler: graceful shutdown (wait=True) - Snapshots: add prune_snapshots() with configurable retention count - Storage: isolate localStorage keys via VITE_APP_KEY prefix - Config: add cors_origins, login_rate_limit, snapshot_retention_count settings
2026-05-17 10:52:18 +08:00
parent a42ecf7bcc
commit ad16618406
25 changed files with 792 additions and 165 deletions
@@ -1,5 +1,5 @@
 <template>
-  <div class="shell-page page-section websites-page">
+  <div class="shell-page shell-page-fluid page-section websites-page">
    <div class="page-header surface-card page-block">
      <div class="page-heading">
        <p class="page-kicker">Sync Orchestration</p>
@@ -44,7 +44,7 @@
            <span v-else class="muted">—</span>
          </template>
        </el-table-column>
-        <el-table-column label="操作" width="200">
+        <el-table-column label="操作" width="174" align="right">
          <template #default="{ row }">
            <div class="action-row">
              <el-tooltip content="查看分组" placement="top" :show-after="300">
@@ -637,12 +637,15 @@ onMounted(loadAll)
 .action-row {
  display: flex;
  align-items: center;
+  justify-content: flex-end;
  flex-wrap: nowrap;
-  gap: 4px;
+  gap: 2px;
+  min-width: 0;
 }
 .action-row .el-button.is-circle {
-  width: 28px;
-  height: 28px;
+  width: 26px;
+  height: 26px;
+  margin-left: 0;
 }
 .binding-actions {
  display: flex;