Phase 19 chief architect review found: 核鑰 UX security lacks CSRF protection

Backend:
- Add src/core/csrf.py (Double Submit Cookie pattern)
- Add src/api/v1/csrf.py (GET /api/v1/csrf/token)
- Add src/models/csrf.py (CSRFTokenResponse)
- Modify the approvals.py sign/reject/bulk endpoints to add CSRFToken validation

Frontend:
- Add hooks/useCSRF.ts (React Hook)
- Modify approval.store.ts to integrate the CSRF Token parameter

Security features:
- 256-bit token (secrets.token_hex)
- Timing-safe comparison (secrets.compare_digest)
- SameSite=Strict cookie
- 1-hour token validity

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
40 lines
974 B
Python
"""
|
|
CSRF Models (Phase 20)
|
|
======================
|
|
CSRF Token 相關的 Pydantic 模型。
|
|
|
|
建立日期: 2026-03-28 (台北時間)
|
|
建立者: Claude Code (首席架構師)
|
|
"""
|
|
|
|
from pydantic import BaseModel, Field
|
|
|
|
|
|
class CSRFTokenResponse(BaseModel):
|
|
"""CSRF Token 回應模型"""
|
|
|
|
token: str = Field(
|
|
...,
|
|
description="CSRF Token (64 字元十六進位)",
|
|
min_length=64,
|
|
max_length=64,
|
|
)
|
|
cookie_name: str = Field(
|
|
default="awoooi_csrf_token",
|
|
description="Cookie 名稱",
|
|
)
|
|
header_name: str = Field(
|
|
default="X-CSRF-Token",
|
|
description="Header 名稱 (敏感請求時使用)",
|
|
)
|
|
|
|
model_config = {
|
|
"json_schema_extra": {
|
|
"example": {
|
|
"token": "a1b2c3d4e5f6789012345678901234567890123456789012345678901234abcd",
|
|
"cookie_name": "awoooi_csrf_token",
|
|
"header_name": "X-CSRF-Token",
|
|
}
|
|
}
|
|
}
|