Go to file

win 8229b41382 fix(security): 修复赠送资产薅积分三大漏洞

1. SELECT FOR UPDATE 锁定资产行，防止并发转赠竞态条件
2. 检查 RowsAffected 防止 GORM 静默失败导致空壳发货记录
3. 兑换积分时校验转赠来源，禁止转赠资产兑换积分
4. 转赠来源校验改用写库查询，避免主从延迟绕过
5. 转赠来源查询错误不再静默忽略，失败时返回错误

基于 zuncle 分支修复，额外修正了两个安全隐患：
- RedeemInventoryToPoints/RedeemInventoriesToPoints 中
  转赠记录查询从 readDB 改为 writeDB
- Count()/Find() 返回的 error 不再丢弃

2026-03-11 16:25:11 +08:00

.claude/plan

admin

2026-03-05 12:50:06 +08:00

.gocache

admin

2026-03-05 12:50:06 +08:00

.serena

邀请关系

2026-02-27 17:51:38 +08:00

build

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

cmd

feat(channel): 渠道统计新增盈亏计算并修复成本口径

2026-03-11 02:29:19 +08:00

configs

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

deploy

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

docs

任务中心的问题

2026-02-27 16:07:12 +08:00

internal

fix(security): 修复赠送资产薅积分三大漏洞

2026-03-11 16:25:11 +08:00

migrations

admin

2026-03-05 12:50:06 +08:00

openspec/changes/add-channel-badge

admin

2026-03-05 12:50:06 +08:00

scripts

fix:订单同步

2026-02-27 00:08:02 +08:00

tools

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

web

feat(channel): 渠道统计新增盈亏计算并修复成本口径

2026-03-11 02:29:19 +08:00

.DS_Store

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

.gitignore

admin

2026-03-05 12:50:06 +08:00

.vercelignore

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

aaa.json

admin

2026-03-05 12:50:06 +08:00

bindbox-game

优惠券bug

2026-02-18 23:23:34 +08:00

bindboxgame.json

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

BUG_FIX_REPORT.md

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

CLAUDE.md

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

Dockerfile

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

go.mod

任务中心的问题

2026-02-27 16:07:12 +08:00

go.sum

任务中心的问题

2026-02-27 16:07:12 +08:00

main.go

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

Makefile

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

README.md

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

README.md

mini-chat

接口文档

接口文档：http://127.0.0.1:9991/swagger/index.html
心跳检测：http://127.0.0.1:9991/system/health

服务地址

https://mini-chat.1024tool.vip/swagger/index.html

打包命令

MAC

CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags "-s -w" -tags timetzdata -trimpath -o build/bindbox.exe .

export DOCKER_DEFAULT_PLATFORM=linux/amd64 docker build -t zfc931912343/bindbox-game:v1.10 . docker push zfc931912343/bindbox-game:v1.10

docker pull zfc931912343/bindbox-game:v1.10 &&docker rm -f bindbox-game && docker run -d --name bindbox-game -p 9991:9991 zfc931912343/bindbox-game:v1.10