bindbox-game

History

win 8229b41382 fix(security): 修复赠送资产薅积分三大漏洞

1. SELECT FOR UPDATE 锁定资产行，防止并发转赠竞态条件
2. 检查 RowsAffected 防止 GORM 静默失败导致空壳发货记录
3. 兑换积分时校验转赠来源，禁止转赠资产兑换积分
4. 转赠来源校验改用写库查询，避免主从延迟绕过
5. 转赠来源查询错误不再静默忽略，失败时返回错误

基于 zuncle 分支修复，额外修正了两个安全隐患：
- RedeemInventoryToPoints/RedeemInventoriesToPoints 中
  转赠记录查询从 readDB 改为 writeDB
- Count()/Find() 返回的 error 不再丢弃

2026-03-11 16:25:11 +08:00

alert

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

api

fix(shipping): 使用资产价值快照价格确保发货与分解价格一致

2026-03-05 17:54:58 +08:00

code

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.

2026-02-21 21:33:19 +08:00

dblogger

feat: Add user spending dashboard, update database schema, and refine various API endpoints and service logic.