Files

CD Pipeline / deploy (push) Failing after 2m36s

Details

fix(p35): Critic HIGH #2 + MEDIUM #2 — SQL f-string + 動態 import 改寫

HIGH #2 — ai_calls 動態 WHERE 從 f-string 拼接改全綁參數：
  舊：sa_text(f"WHERE {' AND '.join(where_parts)}")
  新：sa_text("WHERE :since AND (:caller_f='' OR caller=:caller_f) AND ...")
  原本字串字面值來源安全，但下個 contributor 不慎把 request.args 拼進去
  就立即 SQL injection；改全綁參數消除類別風險。

MEDIUM #2 — ppt_audit_history 動態 __import__ 改頂部 import：
  舊：__import__('time').time() / __import__('datetime').datetime.fromtimestamp(...)
  新：頂部 import time（datetime 已有）+ 直接呼叫
  並新增 os.path.islink() 過濾，防 reports/ 內 symlink 攻擊逃出目錄。

12/12 tests 仍 PASS。

2026-05-04 14:23:52 +08:00

__init__.py

refactor(routes): 刪除模組化死碼開關

2026-04-29 21:26:58 +08:00

admin_observability_routes.py

fix(p35): Critic HIGH #2 + MEDIUM #2 — SQL f-string + 動態 import 改寫

2026-05-04 14:23:52 +08:00

ai_routes.py

fix(dashboard): warm cache after AI pick refresh

2026-05-01 16:16:39 +08:00

alert_routes.py

refactor(telegram): migrate alert_routes sender to EventRouter (ADR-019 Phase 5)

2026-05-02 13:09:34 +08:00

api_routes.py

fix(momo): block EC404 auto-open with end-to-end URL guard

2026-05-02 12:00:34 +08:00

auto_import_routes.py

feat: EwoooC 初始化 — 完整專案推版至 Gitea

2026-04-19 01:21:13 +08:00

bot_api_routes.py

fix: Phase 2 P0 全清零 — 14 項安全與功能修復完成

2026-04-27 21:11:52 +08:00

category_routes.py

refactor(app.py): 抽出 /api/categories CRUD 至 category_routes Blueprint

2026-04-28 21:04:40 +08:00

cicd_routes.py

refactor(telegram): migrate cicd_routes sender to EventRouter (ADR-019 Phase 5)

2026-05-02 13:09:34 +08:00

code_review_routes.py

feat(code-review): 重建為 Post-Deploy AI Agent Pipeline

2026-04-21 20:55:23 +08:00

crawler_management_routes.py

refactor(routes): 遷移公開系統與 ABC 路由

2026-04-29 21:22:29 +08:00

daily_sales_routes.py

refactor(cache): 統一 cache SOT 並啟用 gunicorn preload

2026-04-29 21:35:56 +08:00

dashboard_routes.py

fix(momo): block EC404 auto-open with end-to-end URL guard

2026-05-02 12:00:34 +08:00

edm_routes.py

fix(momo): block EC404 auto-open with end-to-end URL guard

2026-05-02 12:00:34 +08:00

elephant_alpha_routes.py

feat: 實作 PPT 簡報資料庫持久化機制

2026-04-20 22:59:04 +08:00

export_routes.py

fix(momo): block EC404 auto-open with end-to-end URL guard

2026-05-02 12:00:34 +08:00

import_routes.py

refactor(cache): 統一 cache SOT 並啟用 gunicorn preload

2026-04-29 21:35:56 +08:00

misc_routes.py

refactor(app.py): 抽出 /api/test_url + /brand_assets 至 misc_routes Blueprint

2026-04-28 21:10:01 +08:00

monthly_routes.py

feat(reports): move monthly analysis to v2 shell

2026-05-01 21:13:18 +08:00

notification_routes.py

feat: EwoooC 初始化 — 完整專案推版至 Gitea

2026-04-19 01:21:13 +08:00

openclaw_bot_routes.py

feat(p11): RAG 自主學習 + Promotion Gate 4 階段護欄（feature flag OFF）

2026-05-03 23:56:12 +08:00

pchome_routes.py

fix: pchome_routes.py — permission_required 改用 role_required（auth.py 無此函數）

2026-04-27 21:20:52 +08:00

price_comparison_routes.py

fix(momo): block EC404 auto-open with end-to-end URL guard

2026-05-02 12:00:34 +08:00

README.md

docs(modularization): 建立模組化治理守門

2026-04-30 14:07:10 +08:00

sales_routes.py

refactor(cache): 統一 cache SOT 並啟用 gunicorn preload

2026-04-29 21:35:56 +08:00

system_public_routes.py

fix(metrics): 輸出 AI 自動化 baseline 指標

2026-04-30 10:32:43 +08:00

system_routes.py

security: harden system_routes.py — auth + input validation

2026-04-20 05:47:04 +08:00

trend_routes.py

feat: EwoooC 初始化 — 完整專案推版至 Gitea

2026-04-19 01:21:13 +08:00

user_routes.py

feat: EwoooC 初始化 — 完整專案推版至 Gitea

2026-04-19 01:21:13 +08:00

vendor_routes.py

refactor(vendor): 抽出廠商管理查詢服務

2026-05-01 14:20:09 +08:00

README.md

路由模組說明

app.py 直接註冊所有 Flask Blueprint；USE_MODULAR_ROUTES、register_blueprints()、 MODULAR_ENDPOINTS 與 duplicate cleanup 開關已在 ADR-017 Phase 3f-1 移除。

啟動防線

app.py 會在啟動時檢查 app.url_map，同一組 (URL, HTTP methods) 不允許被兩個 endpoint 重複註冊；若發現衝突會直接 SystemExit。

模組清單

模組	說明	主要路由
`dashboard_routes.py`	商品看板首頁	`/`
`sales_routes.py`	業績分析與 ABC 明細	`/sales_analysis`, `/growth_analysis`, `/abc_analysis/detail`, `/api/sales_analysis/*`
`system_public_routes.py`	無 prefix 公開系統頁與監控	`/health`, `/metrics`, `/ai_automation_smoke`, `/api/ai-automation/smoke*`, `/settings`, `/system_settings`, `/logs`, `/api/logs`, `/api/backup`
`system_routes.py`	內部系統維護 API	`/api/system/*`
`edm_routes.py`	EDM 與節慶儀表板	`/edm`, `/festival`
`monthly_routes.py`	月結分析	`/monthly_summary_analysis`, `/api/monthly_summary_data`
`daily_sales_routes.py`	當日業績	`/daily_sales`, `/daily_sales/export*`
`api_routes.py`	通用任務與查詢 API	`/api/run_task`, `/api/history/*`
`export_routes.py`	匯出功能	`/api/export/*`
`import_routes.py`	匯入功能	`/api/import_excel`, `/api/import/monthly_summary`

新增 route 時請優先放入對應 Blueprint，並用本機 app.url_map duplicate check 驗證。若 route 內開始出現大量資料處理、SQL、AI prompt 或外部 API 呼叫，請依 docs/guides/modularization_governance.md 抽到 services/ 或 utils/，不要讓 Blueprint 變成新巨檔。

README.md Unescape Escape

路由模組說明

啟動防線

模組清單

README.md