qinglong

mirror of https://github.com/whyour/qinglong.git synced 2026-03-13 15:05:10 +08:00

Author	SHA1	Message	Date
whyour	0215b7f3a8	安装 linux 依赖自动识别 alpine 和 debian	2026-03-01 20:36:42 +08:00
whyour	ec5c6f2ab2	更新 npm 版本 v0.20.4	2026-03-01 20:36:42 +08:00
whyour	b624b96068	修复 debian netcat 包名	2026-03-01 20:36:42 +08:00
whyour	af5564508f	更新 npm 版本 v0.19.9	2026-03-01 20:36:42 +08:00
whyour	09087df0c9	修改 npm 安装启动命令	2026-03-01 20:36:42 +08:00
whyour	3a760097e2	更新 npm 版本 v0.18.0	2026-03-01 20:36:42 +08:00
whyour	adbc3137bc	更新 npm 版本 v0.17.0	2026-03-01 20:36:42 +08:00
whyour	e151085804	修复 linux 镜像源	2026-03-01 20:36:42 +08:00
whyour	957b5684bb	更新 npm 版本 v0.16.0	2026-03-01 20:36:42 +08:00
whyour	e781d0039c	更新 workflow action 版本	2026-03-01 20:36:41 +08:00
whyour	6371d1f49d	增加 npx 命令	2026-03-01 20:36:41 +08:00
whyour	5b32871b3f	更新 npm 版本 v0.14.5	2026-03-01 20:36:41 +08:00
whyour	98fc5bae50	修复 workflow	2026-03-01 20:36:41 +08:00
whyour	57d0af0a6c	移除 qinglong 命令 npm 默认镜像源	2026-03-01 20:36:41 +08:00
whyour	f156c04e11	修复 qinglong 命令	2026-03-01 20:36:41 +08:00
whyour	8033558c27	修改切换 linux 镜像源	2026-03-01 20:36:41 +08:00
whyour	7cc8a7a5e7	增加 debian 开发版本	2026-03-01 20:36:41 +08:00
whyour	dde45d0036	更新 npm 版本 v0.13.2	2026-03-01 20:36:41 +08:00
whyour	8b7d4c29a4	修复 qinglong 命令	2026-03-01 20:36:41 +08:00
whyour	c49bbf3ff1	修复 shell check_server	2026-03-01 20:36:41 +08:00
whyour	2a3223fbe7	修复拉取私有仓库	2026-03-01 20:36:41 +08:00
dream10201	38bce51ee7	修复linux依赖检测 (#2082 )	2026-03-01 20:36:41 +08:00
whyour	90041367c6	更新 npm v0.8.4	2026-03-01 20:36:41 +08:00
whyour	ae122a77e8	更新 npm 版本 0.7.7	2026-03-01 20:36:41 +08:00
whyour	9c3553c0e7	修复 debian apt 命令，支持 qinglong 命令	2026-03-01 20:36:41 +08:00
whyour	407618fa04	增加 debian-slim 基础镜像	2026-03-01 20:36:41 +08:00
whyour	ade5d857f7	修改获取示例文件 api path	2026-03-01 20:36:41 +08:00
whyour	275d8af4e2	更新版本 v2.20.2	2026-03-01 20:35:25 +08:00
whyour	544c432f49	修复 PATH 环境变量	2026-03-01 20:35:19 +08:00
Copilot	6bec52dca1	Fix /open/user/init auth bypass allowing credential reset on initialized systems (#2941 ) * Initial plan * fix: add /open/user/init paths to init guard to prevent auth bypass Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> Co-authored-by: whyour <imwhyour@gmail.com>	2026-03-01 18:02:21 +08:00
rockymelody	ce599d306f	青龙面板鉴权绕过漏洞已修复 (#2935 ) 已实施的安全加固措施第一层防御：启用Express严格路由（第17-18行） app.set('case sensitive routing', true); // 路由大小写敏感 app.set('strict routing', true); // 严格路由匹配第二层防御：路径标准化检查中间件（第23-37行） app.use((req, res, next) => { const originalPath = req.path; const normalizedPath = originalPath.toLowerCase(); // 检测并拦截大小写混淆攻击 if (originalPath !== normalizedPath && (normalizedPath.startsWith('/api/') \|\| normalizedPath.startsWith('/open/'))) { return res.status(400).json({ code: 400, message: 'Invalid path format' }); } next(); }); 作用：主动检测并拒绝含有大小写变体的恶意请求第三层防御：JWT中间件正则表达式修复（第59行） // 修复前： path: [...config.apiWhiteList, /^\/(?!api\/)./], // 修复后：添加大小写不敏感标志 'i' path: [...config.apiWhiteList, /^(\/(?!api\/).)$/i], 作用：防御正则匹配层面的绕过第四层防御：自定义Token中间件路径标准化（第74-87行） // 修复前： if (!['/open/', '/api/'].some((x) => req.path.startsWith(x))) { // 修复后：统一转小写比较 const pathLower = req.path.toLowerCase(); if (!['/open/', '/api/'].some((x) => pathLower.startsWith(x))) { } 作用：确保Token验证逻辑对所有路径变体生效第五层防御：初始化接口路径检查修复（第122-123行） // 修复前： if (!['/api/user/init', '/api/user/notification/init'].includes(req.path)) { // 修复后： const pathLower = req.path.toLowerCase(); if (!['/api/user/init', '/api/user/notification/init'].includes(pathLower)) {	2026-03-01 17:44:03 +08:00
whyour	d53437d169	更新 2.20.1	2025-12-26 21:17:30 +08:00
whyour	d526602d19	修复运行中任务停止操作	2025-12-26 01:07:08 +08:00
whyour	91b44914f6	修复环境变量排序	2025-12-26 00:41:32 +08:00
whyour	4f6c93cc1c	更新 workflow	2025-12-24 01:03:21 +08:00
whyour	e326d89571	修复 apiWhiteList 路径	2025-12-23 00:58:09 +08:00
whyour	5f0dafa010	修复 cron-parser import，websocket basepath	2025-12-23 00:28:16 +08:00
Copilot	dc0b3f2eb2	Fix QlBaseUrl: use URL rewrite for base path support (#2876 ) * Initial plan * Add QlBaseUrl support to backend routes Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Fix whitelist check to use base-URL-aware paths Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Update websocket and frontend to support base URL Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Address code review feedback: fix JWT regex and path construction Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Fix path construction: use req.path directly for whitelist check Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add clarifying comments and improve code readability Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Apply code review suggestions: improve clarity and simplify logic Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Simplify baseUrl implementation using URL rewrite Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>	2025-12-22 23:44:29 +08:00
Copilot	3db716763d	Fix cron-parser v5 bundling incompatibility causing validation failures (#2877 ) * Initial plan * Fix: Use default import for cron-parser to ensure browser compatibility Changed from named export `{ CronExpressionParser }` to default export `cronParser` and access `CronExpressionParser` through it. This ensures compatibility with webpack/UmiJS bundling for browser environments while maintaining backend functionality. Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>	2025-12-22 23:43:54 +08:00
Copilot	fae226745e	Add missing larkSecret field to gRPC NotificationInfo proto (#2880 ) * Initial plan * Add larkSecret field to NotificationInfo proto definition Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>	2025-12-22 23:38:42 +08:00
Copilot	9330650163	Fix TG_PROXY_AUTH concatenation in notify.js - add missing @ separator (#2882 ) * Initial plan * Fix TG_PROXY_AUTH handling in notify.js to match notify.py logic Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Apply prettier formatting to notify.js Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>	2025-12-22 23:05:06 +08:00
Copilot	073de76a4a	Fix validation error when saving scripts in debug window (v2.20.0 regression) (#2862 ) * 更新版本 2.20.0 * Initial plan * Fix validation error when saving scripts by allowing unknown fields in POST /scripts Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Revert version.yaml to 2.19.2 - should not include version bump in bug fix PR Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: whyour <imwhyour@gmail.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>	2025-12-22 22:43:48 +08:00
Copilot	c61d1aa828	Fix enum value 0 causing type filter to fail for NodeJS dependencies (#2869 ) * Initial plan * Fix: Prevent Python3 dependencies from appearing in NodeJs tab Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>	2025-12-15 18:21:14 +08:00
whyour	33fa3aca99	更新版本 2.20.0	2025-12-11 01:53:17 +08:00
whyour	c772fc9527	修复脚本调试保存文件错误	2025-12-11 01:52:47 +08:00
whyour	c5d2aa3aba	更新 pipeline	2025-12-10 00:34:35 +08:00
Copilot	02a05f06bd	Add signature verification support for Feishu bot notifications (#2856 ) * Initial plan * Add signature verification support for Feishu bot notifications Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add clarifying comments about Feishu signature algorithm Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add i18n translations for larkSecret configuration field Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>	2025-11-27 01:10:04 +08:00
whyour	3b0f55caf4	修复任务实例默认值	2025-11-23 12:45:02 +08:00
Copilot	6a3dd4f83c	Fix null log_name issue by omitting it from shell command when not set (#2849 ) * Initial plan * Fix null log_name handling in runSingle method Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Update cron.log_name before makeCommand to avoid passing null to shell Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Fix: Only pass log_name to shell when it has a value Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Fix uniqPath calculation in runSingle for null log_name Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Improve comment clarity in makeCommand Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Refactor: Move no_tee and ID to initial commandVariable declaration Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Refactor: Simplify uniqPath ternary expression Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>	2025-11-22 12:06:01 +08:00
whyour	177cd3de81	更新 docker 日志	2025-11-22 01:05:28 +08:00

1 2 3 4 5 ...

2039 Commits