fix(auth): harden password verification against timing attacks

- Run dummy hash when user is not found to prevent timing-based enumeration
- Extract and log real client IP on login requests
- Remove unused test files
- Reorder application config for clarity
2026-05-21 02:39:06 +08:00
parent 2cf3806298
commit 3937224341
7 changed files with 52 additions and 94 deletions
+5
@@ -44,3 +44,8 @@ kotlin {
tasks.withType<Test> {
useJUnitPlatform()
}
// 打包时排除dev环境配置
tasks.named<ProcessResources>("processResources") {
exclude("application-dev.yaml")
}
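Review bot: The `exclude("application-dev.yaml")` on `processResources` drops the file from every build output, not only from the packaged artifact as the comment says. Anything that runs from the processed resources directory (tests, a local run with the dev profile) would presumably lose it too; if that is not intended, the exclude belongs on the archive task instead. The pattern also matches only that exact name at the resources root, so if the aim is to keep dev settings or credentials out of release artifacts, a glob such as `exclude("**/application-dev.*")` would cover `.yml`/`.properties` variants and nested copies as well. The commit description does not list this build change, and it is worth adding since it changes what ships.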