refactor: move top_up_link from status API to topup info API

Move top_up_link out of the public GetStatus endpoint into the authenticated GetTopUpInfo endpoint. Update classic frontend to read topup_link from the topup info response instead of status. Also add mailto links in SECURITY.md. close #4582
2026-05-06 20:26:45 +08:00 · 2026-05-06 20:26:45 +08:00 · 5c793d7992
commit 5c793d7992
parent ee190b6049
4 changed files with 8 additions and 8 deletions
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -1,7 +1,7 @@
 # Security Policy

 > [!IMPORTANT]
-> **Bulk Reporting Policy:** If you need to submit multiple vulnerability reports in bulk, **you must contact us first** (support@quantumnous.com) to coordinate the submission process. Uncoordinated bulk submissions have caused significant disruption to our team, and we will take the following actions:
+> **Bulk Reporting Policy:** If you need to submit multiple vulnerability reports in bulk, **you must contact us first** ([support@quantumnous.com](mailto:support@quantumnous.com)) to coordinate the submission process. Uncoordinated bulk submissions have caused significant disruption to our team, and we will take the following actions:
 >
 > 1. **All uncoordinated bulk reports will be closed without review.**
 > 2. **Repeated offenders may be blocked** from further submissions.
@ -12,11 +12,13 @@

 We provide security updates for the following versions:

+
 | Version | Supported          |
 | ------- | ------------------ |
 | Latest  | :white_check_mark: |
 | Older   | :x:                |

+
 We strongly recommend that users always use the latest version for the best security and features.

 ## Reporting a Vulnerability
@ -31,7 +33,7 @@ To report a security issue, please use the GitHub Security Advisories tab to "[O

 Alternatively, you can report via email:

- **Email:** support@quantumnous.com
+- **Email:** [support@quantumnous.com](mailto:support@quantumnous.com)
 - **Subject:** `[SECURITY] Security Vulnerability Report`

 ### What to Include
@ -91,4 +93,4 @@ For detailed configuration instructions, please refer to the project documentati

 ## Disclaimer

-This project is provided "as is" without any express or implied warranty. Users should assess the security risks of using this software in their environment.
+This project is provided "as is" without any express or implied warranty. Users should assess the security risks of using this software in their environment.
--- a/controller/misc.go
+++ b/controller/misc.go
@ -70,7 +70,6 @@ func GetStatus(c *gin.Context) {
 		"server_address":              system_setting.ServerAddress,
 		"turnstile_check":             common.TurnstileCheckEnabled,
 		"turnstile_site_key":          common.TurnstileSiteKey,
-		"top_up_link":                 common.TopUpLink,
 		"docs_link":                   operation_setting.GetGeneralSetting().DocsLink,
 		"quota_per_unit":              common.QuotaPerUnit,
 		// 兼容旧前端：保留 display_in_currency，同时提供新的 quota_display_type
--- a/controller/topup.go
+++ b/controller/topup.go
@ -110,6 +110,7 @@ func GetTopUpInfo(c *gin.Context) {
 		"waffo_pancake_min_topup": setting.WaffoPancakeMinTopUp,
 		"amount_options":          operation_setting.GetPaymentSetting().AmountOptions,
 		"discount":                operation_setting.GetPaymentSetting().AmountDiscount,
+		"topup_link":              common.TopUpLink,
 	}
 	common.ApiSuccess(c, data)
 }
--- a/web/classic/src/components/topup/index.jsx
+++ b/web/classic/src/components/topup/index.jsx
@ -52,9 +52,7 @@ const TopUp = () => {
  const [topUpCount, setTopUpCount] = useState(
    statusState?.status?.min_topup || 1,
  );
-  const [topUpLink, setTopUpLink] = useState(
-    statusState?.status?.top_up_link || '',
-  );
+  const [topUpLink, setTopUpLink] = useState('');
  const [enableOnlineTopUp, setEnableOnlineTopUp] = useState(
    statusState?.status?.enable_online_topup || false,
  );
@ -658,6 +656,7 @@ const TopUp = () => {
          setWaffoPancakeMinTopUp(data.waffo_pancake_min_topup || 1);
          setMinTopUp(minTopUpValue);
          setTopUpCount(minTopUpValue);
+          setTopUpLink(data.topup_link || '');

          // 设置 Creem 产品
          try {
@ -764,7 +763,6 @@ const TopUp = () => {
      // const minTopUpValue = statusState.status.min_topup || 1;
      // setMinTopUp(minTopUpValue);
      // setTopUpCount(minTopUpValue);
-      setTopUpLink(statusState.status.top_up_link || '');
      setPriceRatio(statusState.status.price || 1);

      setStatusLoading(false);