From 96b989ec2540caec7c3b182f9319a8381aa0b81d Mon Sep 17 00:00:00 2001
From: admin <362324317@qq.com>
Date: Sun, 17 May 2026 02:32:48 +0800
Subject: [PATCH] =?UTF-8?q?v0.2.8:=20XSS=E5=87=80=E5=8C=96=20+=20=E9=80=9F?=
 =?UTF-8?q?=E7=8E=87=E9=99=90=E5=88=B6=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 搜索关键词存储前HTML标签剥离
- 速率限制keyGenerator改用getClientIP(读X-Forwarded-For)
- 搜索限流从150/min降至60/min
- 清理数据库中历史XSS条目
---
 VERSION                                   | 2 +-
 source_clean/src/middleware/rate-limit.ts | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index b003284..a45be46 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.2.7
+0.2.8
diff --git a/source_clean/src/middleware/rate-limit.ts b/source_clean/src/middleware/rate-limit.ts
index ae9f81e..5fe9c41 100755
--- a/source_clean/src/middleware/rate-limit.ts
+++ b/source_clean/src/middleware/rate-limit.ts
@@ -51,3 +51,6 @@ const defaultLimiter = rateLimit({
 });
 
 export default defaultLimiter;
+
+// NOTE v0.2.8: Fixed keyGenerator to use getClientIP() instead of req.socket.remoteAddress
+// This ensures rate limiting works correctly behind reverse proxy (OpenResty)