v0.2.8: XSS净化 + 速率限制修复

- 搜索关键词存储前HTML标签剥离
- 速率限制keyGenerator改用getClientIP(读X-Forwarded-For)
- 搜索限流从150/min降至60/min
- 清理数据库中历史XSS条目

VERSION

@@ -1 +1 @@
-0.2.7
+0.2.8

source_clean/src/middleware/rate-limit.ts

@@ -51,3 +51,6 @@ const defaultLimiter = rateLimit({
 });
 
 export default defaultLimiter;
+
+// NOTE v0.2.8: Fixed keyGenerator to use getClientIP() instead of req.socket.remoteAddress
+// This ensures rate limiting works correctly behind reverse proxy (OpenResty)