admin777/new-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: move top_up_link from status API to topup info API

Browse Source 
Move top_up_link out of the public GetStatus endpoint into the
authenticated GetTopUpInfo endpoint. Update classic frontend to
read topup_link from the topup info response instead of status.
Also add mailto links in SECURITY.md.

close #4582
This commit is contained in:
CaIon 2026-05-06 20:26:45 +08:00
parent ee190b6049
commit 5c793d7992
No known key found for this signature in database
GPG Key ID: 0CFA613529A9921D
4 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/SECURITY.md vendored
View File

@ -1,7 +1,7 @@
# Security Policy # Security Policy
> [!IMPORTANT] > [!IMPORTANT]
> **Bulk Reporting Policy:** If you need to submit multiple vulnerability reports in bulk, **you must contact us first** (support@quantumnous.com) to coordinate the submission process. Uncoordinated bulk submissions have caused significant disruption to our team, and we will take the following actions: > **Bulk Reporting Policy:** If you need to submit multiple vulnerability reports in bulk, **you must contact us first** ([support@quantumnous.com](mailto:support@quantumnous.com)) to coordinate the submission process. Uncoordinated bulk submissions have caused significant disruption to our team, and we will take the following actions:
> >
> 1. **All uncoordinated bulk reports will be closed without review.** > 1. **All uncoordinated bulk reports will be closed without review.**
> 2. **Repeated offenders may be blocked** from further submissions. > 2. **Repeated offenders may be blocked** from further submissions.
@ -12,11 +12,13 @@
We provide security updates for the following versions: We provide security updates for the following versions:
| Version | Supported | | Version | Supported |
| ------- | ------------------ | | ------- | ------------------ |
| Latest | :white_check_mark: | | Latest | :white_check_mark: |
| Older | :x: | | Older | :x: |
We strongly recommend that users always use the latest version for the best security and features. We strongly recommend that users always use the latest version for the best security and features.
## Reporting a Vulnerability ## Reporting a Vulnerability
@ -31,7 +33,7 @@ To report a security issue, please use the GitHub Security Advisories tab to "[O
Alternatively, you can report via email: Alternatively, you can report via email:
- **Email:** support@quantumnous.com - **Email:** [support@quantumnous.com](mailto:support@quantumnous.com)
- **Subject:** `[SECURITY] Security Vulnerability Report` - **Subject:** `[SECURITY] Security Vulnerability Report`
### What to Include ### What to Include
@ -91,4 +93,4 @@ For detailed configuration instructions, please refer to the project documentati
## Disclaimer ## Disclaimer
This project is provided "as is" without any express or implied warranty. Users should assess the security risks of using this software in their environment. This project is provided "as is" without any express or implied warranty. Users should assess the security risks of using this software in their environment.

1
controller/misc.go
View File

@ -70,7 +70,6 @@ func GetStatus(c *gin.Context) {
"server_address": system_setting.ServerAddress, "server_address": system_setting.ServerAddress,
"turnstile_check": common.TurnstileCheckEnabled, "turnstile_check": common.TurnstileCheckEnabled,
"turnstile_site_key": common.TurnstileSiteKey, "turnstile_site_key": common.TurnstileSiteKey,
"top_up_link": common.TopUpLink,
"docs_link": operation_setting.GetGeneralSetting().DocsLink, "docs_link": operation_setting.GetGeneralSetting().DocsLink,
"quota_per_unit": common.QuotaPerUnit, "quota_per_unit": common.QuotaPerUnit,
// 兼容旧前端:保留 display_in_currency同时提供新的 quota_display_type // 兼容旧前端:保留 display_in_currency同时提供新的 quota_display_type

1
controller/topup.go
View File

@ -110,6 +110,7 @@ func GetTopUpInfo(c *gin.Context) {
"waffo_pancake_min_topup": setting.WaffoPancakeMinTopUp, "waffo_pancake_min_topup": setting.WaffoPancakeMinTopUp,
"amount_options": operation_setting.GetPaymentSetting().AmountOptions, "amount_options": operation_setting.GetPaymentSetting().AmountOptions,
"discount": operation_setting.GetPaymentSetting().AmountDiscount, "discount": operation_setting.GetPaymentSetting().AmountDiscount,
"topup_link": common.TopUpLink,
} }
common.ApiSuccess(c, data) common.ApiSuccess(c, data)
} }

6
web/classic/src/components/topup/index.jsx vendored
View File

@ -52,9 +52,7 @@ const TopUp = () => {
const [topUpCount, setTopUpCount] = useState( const [topUpCount, setTopUpCount] = useState(
statusState?.status?.min_topup || 1, statusState?.status?.min_topup || 1,
); );
const [topUpLink, setTopUpLink] = useState( const [topUpLink, setTopUpLink] = useState('');
statusState?.status?.top_up_link || '',
);
const [enableOnlineTopUp, setEnableOnlineTopUp] = useState( const [enableOnlineTopUp, setEnableOnlineTopUp] = useState(
statusState?.status?.enable_online_topup || false, statusState?.status?.enable_online_topup || false,
); );
@ -658,6 +656,7 @@ const TopUp = () => {
setWaffoPancakeMinTopUp(data.waffo_pancake_min_topup || 1); setWaffoPancakeMinTopUp(data.waffo_pancake_min_topup || 1);
setMinTopUp(minTopUpValue); setMinTopUp(minTopUpValue);
setTopUpCount(minTopUpValue); setTopUpCount(minTopUpValue);
setTopUpLink(data.topup_link || '');
// Creem // Creem
try { try {
@ -764,7 +763,6 @@ const TopUp = () => {
// const minTopUpValue = statusState.status.min_topup || 1; // const minTopUpValue = statusState.status.min_topup || 1;
// setMinTopUp(minTopUpValue); // setMinTopUp(minTopUpValue);
// setTopUpCount(minTopUpValue); // setTopUpCount(minTopUpValue);
setTopUpLink(statusState.status.top_up_link || '');
setPriceRatio(statusState.status.price || 1); setPriceRatio(statusState.status.price || 1);
setStatusLoading(false); setStatusLoading(false);