Boonlive_RD_Web/Web_BLV_OA_Exam_Prod
8
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
42fcb71baeaab5ef1907e8778a50bc7e33713fea
Web_BLV_OA_Exam_Prod/openspec/specs/nfr.yaml
MomoWen b765a5d4ed 引入openspec管理
2025-12-22 18:29:23 +08:00

103 lines
3.1 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
version: 1
id: nfr
title: Non-Functional Requirements
sources:
project_md:
path: openspec/project.md
lines: "67-70"
middleware:
- api/middlewares/index.ts
database:
- api/database/index.ts
security:
password_handling:
status: not_compliant
current_state:
storage: "明文存储在 users.passwordSQLite"
transmission: "前后端请求体中直接传输 password 字段"
evidence:
- api/models/user.ts:18
- api/controllers/userController.ts:81
- openspec/project.md:69
required_state:
storage: "使用强哈希算法存储(例如 bcrypt/scrypt/argon2不存明文"
transmission: "避免回传密码;日志与导出不得包含敏感字段"
constraints:
- "当前实现未满足 required_state属于待整改项"
admin_authentication:
status: not_compliant
current_state:
admin_login_token: "固定值 admin-token"
route_guard: "adminAuth 中间件放行"
evidence:
- api/controllers/adminController.ts:1
- api/middlewares/index.ts:57
- openspec/project.md:68
required_state:
token_validation: "生产环境需实现真实鉴权(例如 JWT 校验)并在前后端一致落地"
constraints:
- "当前管理接口在后端层面不具备访问控制"
logging_sensitivity:
status: partial
current_state:
request_logging: "记录 method/path/statusCode/duration"
evidence:
- api/middlewares/index.ts:65
constraints:
- "应避免在日志中输出密码、token、导出数据等敏感信息当前需持续自查"
reliability:
database_initialization:
status: implemented
behavior: "仅当 users 表不存在时执行 init.sql"
evidence:
- api/database/index.ts:109
constraints:
- "若数据库存在但缺少部分表/列例如用户组、selection_config当前不会自动迁移"
performance:
limits:
request_body_max_bytes:
status: implemented
value: 10485760
evidence:
- api/server.ts:30
upload_max_bytes:
status: implemented
value: 10485760
evidence:
- api/middlewares/index.ts:7
database_characteristics:
status: implemented
notes: "SQLite 适合单机/轻量;并发与事务能力有限。"
evidence:
- openspec/project.md:70
compliance:
data_minimization:
status: partial
stored_personal_data:
- field: users.name
- field: users.phone
constraints:
- "当前未见用户数据保留期限/删除流程的实现"
gdpr_like_rights:
status: not_implemented
requirements:
- "数据导出:提供用户个人数据导出能力(当前仅管理员数据导出,且范围为业务数据)"
- "数据删除:支持按合规要求删除用户数据并处理关联记录"
constraints:
- "以上为合规目标要求;当前代码中未实现对应流程"
operability:
configuration:
status: implemented
mechanism: "dotenv + system_configs 表"
evidence:
- openspec/project.md:25
- api/models/systemConfig.ts:1
Reference in New Issue View Git Blame Copy Permalink