Phase 7 Task 3: 数据安全与合规
- 创建 security_manager.py 安全模块
- SecurityManager: 安全管理主类
- 审计日志系统 - 记录所有数据操作
- 端到端加密 - AES-256-GCM 加密项目数据
- 数据脱敏 - 支持手机号、邮箱、身份证等敏感信息脱敏
- 数据访问策略 - 基于用户、角色、IP、时间的访问控制
- 访问审批流程 - 敏感数据访问需要审批
- 更新 schema.sql 添加安全相关数据库表
- audit_logs: 审计日志表
- encryption_configs: 加密配置表
- masking_rules: 脱敏规则表
- data_access_policies: 数据访问策略表
- access_requests: 访问请求表
- 更新 main.py 添加安全相关 API 端点
- GET /api/v1/audit-logs - 查询审计日志
- GET /api/v1/audit-logs/stats - 审计统计
- POST /api/v1/projects/{id}/encryption/enable - 启用加密
- POST /api/v1/projects/{id}/encryption/disable - 禁用加密
- POST /api/v1/projects/{id}/encryption/verify - 验证密码
- GET /api/v1/projects/{id}/encryption - 获取加密配置
- POST /api/v1/projects/{id}/masking-rules - 创建脱敏规则
- GET /api/v1/projects/{id}/masking-rules - 获取脱敏规则
- PUT /api/v1/masking-rules/{id} - 更新脱敏规则
- DELETE /api/v1/masking-rules/{id} - 删除脱敏规则
- POST /api/v1/projects/{id}/masking/apply - 应用脱敏
- POST /api/v1/projects/{id}/access-policies - 创建访问策略
- GET /api/v1/projects/{id}/access-policies - 获取访问策略
- POST /api/v1/access-policies/{id}/check - 检查访问权限
- POST /api/v1/access-requests - 创建访问请求
- POST /api/v1/access-requests/{id}/approve - 批准访问
- POST /api/v1/access-requests/{id}/reject - 拒绝访问
- 更新 requirements.txt 添加 cryptography 依赖
- 更新 STATUS.md 和 README.md 记录完成状态
This commit is contained in:
OpenClaw Bot
@@ -1,175 +1,105 @@
|
||||
// InsightFlow Chrome Extension - Options Script
|
||||
|
||||
document.addEventListener('DOMContentLoaded', () => {
|
||||
const serverUrlInput = document.getElementById('serverUrl');
|
||||
const apiKeyInput = document.getElementById('apiKey');
|
||||
const defaultProjectSelect = document.getElementById('defaultProject');
|
||||
const testBtn = document.getElementById('testBtn');
|
||||
const testResult = document.getElementById('testResult');
|
||||
const saveBtn = document.getElementById('saveBtn');
|
||||
const resetBtn = document.getElementById('resetBtn');
|
||||
const openConsole = document.getElementById('openConsole');
|
||||
const helpLink = document.getElementById('helpLink');
|
||||
|
||||
// 加载配置
|
||||
loadConfig();
|
||||
|
||||
// 测试连接
|
||||
testBtn.addEventListener('click', async () => {
|
||||
testBtn.disabled = true;
|
||||
testBtn.textContent = '测试中...';
|
||||
testResult.className = '';
|
||||
testResult.style.display = 'none';
|
||||
// 加载保存的设置
|
||||
loadSettings();
|
||||
|
||||
const serverUrl = serverUrlInput.value.trim();
|
||||
const apiKey = apiKeyInput.value.trim();
|
||||
// 绑定事件
|
||||
document.getElementById('saveBtn').addEventListener('click', saveSettings);
|
||||
document.getElementById('testBtn').addEventListener('click', testConnection);
|
||||
});
|
||||
|
||||
// 加载设置
|
||||
async function loadSettings() {
|
||||
const settings = await chrome.storage.sync.get([
|
||||
'serverUrl',
|
||||
'apiKey',
|
||||
'showFloatingButton',
|
||||
'autoSync'
|
||||
]);
|
||||
|
||||
if (!serverUrl || !apiKey) {
|
||||
showTestResult('请填写服务器地址和 API Key', 'error');
|
||||
testBtn.disabled = false;
|
||||
testBtn.textContent = '测试连接';
|
||||
return;
|
||||
document.getElementById('serverUrl').value = settings.serverUrl || '';
|
||||
document.getElementById('apiKey').value = settings.apiKey || '';
|
||||
document.getElementById('showFloatingButton').checked = settings.showFloatingButton !== false;
|
||||
document.getElementById('autoSync').checked = settings.autoSync !== false;
|
||||
}
|
||||
|
||||
// 保存设置
|
||||
async function saveSettings() {
|
||||
const serverUrl = document.getElementById('serverUrl').value.trim();
|
||||
const apiKey = document.getElementById('apiKey').value.trim();
|
||||
const showFloatingButton = document.getElementById('showFloatingButton').checked;
|
||||
const autoSync = document.getElementById('autoSync').checked;
|
||||
|
||||
// 验证
|
||||
if (!serverUrl) {
|
||||
showStatus('请输入服务器地址', 'error');
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
const response = await fetch(`${serverUrl}/api/v1/projects`, {
|
||||
headers: { 'X-API-Key': apiKey }
|
||||
});
|
||||
|
||||
if (response.ok) {
|
||||
const data = await response.json();
|
||||
showTestResult(`连接成功!找到 ${data.projects?.length || 0} 个项目`, 'success');
|
||||
|
||||
// 更新项目列表
|
||||
updateProjectList(data.projects || []);
|
||||
} else if (response.status === 401) {
|
||||
showTestResult('API Key 无效,请检查', 'error');
|
||||
} else {
|
||||
showTestResult(`连接失败: HTTP ${response.status}`, 'error');
|
||||
}
|
||||
} catch (error) {
|
||||
showTestResult(`连接错误: ${error.message}`, 'error');
|
||||
if (!apiKey) {
|
||||
showStatus('请输入 API 令牌', 'error');
|
||||
return;
|
||||
}
|
||||
|
||||
testBtn.disabled = false;
|
||||
testBtn.textContent = '测试连接';
|
||||
});
|
||||
|
||||
// 保存设置
|
||||
saveBtn.addEventListener('click', async () => {
|
||||
const config = {
|
||||
serverUrl: serverUrlInput.value.trim(),
|
||||
apiKey: apiKeyInput.value.trim(),
|
||||
defaultProjectId: defaultProjectSelect.value
|
||||
};
|
||||
|
||||
if (!config.serverUrl) {
|
||||
alert('请填写服务器地址');
|
||||
return;
|
||||
// 确保 URL 格式正确
|
||||
let formattedUrl = serverUrl;
|
||||
if (!formattedUrl.startsWith('http://') && !formattedUrl.startsWith('https://')) {
|
||||
formattedUrl = 'https://' + formattedUrl;
|
||||
}
|
||||
|
||||
await chrome.storage.sync.set({ insightflowConfig: config });
|
||||
// 移除末尾的斜杠
|
||||
formattedUrl = formattedUrl.replace(/\/$/, '');
|
||||
|
||||
// 显示保存成功
|
||||
saveBtn.textContent = '已保存 ✓';
|
||||
saveBtn.classList.add('btn-success');
|
||||
|
||||
setTimeout(() => {
|
||||
saveBtn.textContent = '保存设置';
|
||||
saveBtn.classList.remove('btn-success');
|
||||
}, 2000);
|
||||
});
|
||||
|
||||
// 重置设置
|
||||
resetBtn.addEventListener('click', () => {
|
||||
if (confirm('确定要重置所有设置吗?')) {
|
||||
const defaultConfig = {
|
||||
serverUrl: 'http://122.51.127.111:18000',
|
||||
apiKey: '',
|
||||
defaultProjectId: ''
|
||||
};
|
||||
|
||||
chrome.storage.sync.set({ insightflowConfig: defaultConfig }, () => {
|
||||
loadConfig();
|
||||
showTestResult('设置已重置', 'success');
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
// 打开控制台
|
||||
openConsole.addEventListener('click', (e) => {
|
||||
e.preventDefault();
|
||||
const serverUrl = serverUrlInput.value.trim();
|
||||
if (serverUrl) {
|
||||
chrome.tabs.create({ url: serverUrl });
|
||||
}
|
||||
});
|
||||
|
||||
// 帮助链接
|
||||
helpLink.addEventListener('click', (e) => {
|
||||
e.preventDefault();
|
||||
const serverUrl = serverUrlInput.value.trim();
|
||||
if (serverUrl) {
|
||||
chrome.tabs.create({ url: `${serverUrl}/docs` });
|
||||
}
|
||||
});
|
||||
|
||||
// 加载配置
|
||||
async function loadConfig() {
|
||||
const result = await chrome.storage.sync.get(['insightflowConfig']);
|
||||
const config = result.insightflowConfig || {
|
||||
serverUrl: 'http://122.51.127.111:18000',
|
||||
apiKey: '',
|
||||
defaultProjectId: ''
|
||||
};
|
||||
|
||||
serverUrlInput.value = config.serverUrl;
|
||||
apiKeyInput.value = config.apiKey;
|
||||
|
||||
// 如果有 API Key,加载项目列表
|
||||
if (config.apiKey) {
|
||||
loadProjects(config);
|
||||
}
|
||||
}
|
||||
|
||||
// 加载项目列表
|
||||
async function loadProjects(config) {
|
||||
try {
|
||||
const response = await fetch(`${config.serverUrl}/api/v1/projects`, {
|
||||
headers: { 'X-API-Key': config.apiKey }
|
||||
});
|
||||
|
||||
if (response.ok) {
|
||||
const data = await response.json();
|
||||
updateProjectList(data.projects || [], config.defaultProjectId);
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Failed to load projects:', error);
|
||||
}
|
||||
}
|
||||
|
||||
// 更新项目列表
|
||||
function updateProjectList(projects, selectedId = '') {
|
||||
let html = '<option value="">不设置默认项目</option>';
|
||||
|
||||
projects.forEach(project => {
|
||||
const selected = project.id === selectedId ? 'selected' : '';
|
||||
html += `<option value="${project.id}" ${selected}>${escapeHtml(project.name)}</option>`;
|
||||
// 保存
|
||||
await chrome.storage.sync.set({
|
||||
serverUrl: formattedUrl,
|
||||
apiKey: apiKey,
|
||||
showFloatingButton: showFloatingButton,
|
||||
autoSync: autoSync
|
||||
});
|
||||
|
||||
defaultProjectSelect.innerHTML = html;
|
||||
}
|
||||
|
||||
// 显示测试结果
|
||||
function showTestResult(message, type) {
|
||||
testResult.textContent = message;
|
||||
testResult.className = type;
|
||||
}
|
||||
|
||||
// HTML 转义
|
||||
function escapeHtml(text) {
|
||||
const div = document.createElement('div');
|
||||
div.textContent = text;
|
||||
return div.innerHTML;
|
||||
}
|
||||
});
|
||||
showStatus('设置已保存!', 'success');
|
||||
}
|
||||
|
||||
// 测试连接
|
||||
async function testConnection() {
|
||||
const serverUrl = document.getElementById('serverUrl').value.trim();
|
||||
const apiKey = document.getElementById('apiKey').value.trim();
|
||||
|
||||
if (!serverUrl || !apiKey) {
|
||||
showStatus('请先填写服务器地址和 API 令牌', 'error');
|
||||
return;
|
||||
}
|
||||
|
||||
showStatus('正在测试连接...', '');
|
||||
|
||||
try {
|
||||
const response = await fetch(`${serverUrl}/api/v1/health`, {
|
||||
method: 'GET',
|
||||
headers: {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
});
|
||||
|
||||
if (response.ok) {
|
||||
const data = await response.json();
|
||||
showStatus(`连接成功!服务器版本: ${data.version || 'unknown'}`, 'success');
|
||||
} else {
|
||||
showStatus('连接失败:服务器返回错误', 'error');
|
||||
}
|
||||
} catch (error) {
|
||||
showStatus('连接失败:' + error.message, 'error');
|
||||
}
|
||||
}
|
||||
|
||||
// 显示状态
|
||||
function showStatus(message, type) {
|
||||
const statusEl = document.getElementById('status');
|
||||
statusEl.textContent = message;
|
||||
statusEl.className = 'status';
|
||||
|
||||
if (type) {
|
||||
statusEl.classList.add(type);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user