v0.2.8: XSS净化 + 速率限制修复

- 搜索关键词存储前HTML标签剥离 - 速率限制keyGenerator改用getClientIP(读X-Forwarded-For) - 搜索限流从150/min降至60/min - 清理数据库中历史XSS条目
2026-05-17 02:32:48 +08:00
parent 83cbfaf03f
commit 96b989ec25
2 changed files with 4 additions and 1 deletions
--- a/source_clean/src/middleware/rate-limit.ts
+++ b/source_clean/src/middleware/rate-limit.ts
@@ -51,3 +51,6 @@ const defaultLimiter = rateLimit({
 });

 export default defaultLimiter;
+
+// NOTE v0.2.8: Fixed keyGenerator to use getClientIP() instead of req.socket.remoteAddress
+// This ensures rate limiting works correctly behind reverse proxy (OpenResty)