fix: harden ops runbooks and execution

2026-03-15 11:09:26 +08:00
parent 27b038898d
commit 36f11fa846
10 changed files with 1912 additions and 101 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -3,6 +3,7 @@ package config
 import (
 	"fmt"
 	"os"
+	"strings"

 	"gopkg.in/yaml.v3"
 )
@@ -31,6 +32,13 @@ type Config struct {
 		VerificationToken string `yaml:"verification_token"`
 		EncryptKey        string `yaml:"encrypt_key"`
 	} `yaml:"feishu"`
+	AI struct {
+		Enabled        bool   `yaml:"enabled"`
+		BaseURL        string `yaml:"base_url"`
+		APIKey         string `yaml:"api_key"`
+		Model          string `yaml:"model"`
+		TimeoutSeconds int    `yaml:"timeout_seconds"`
+	} `yaml:"ai"`
 	Admin struct {
 		Username string `yaml:"username"`
 		Password string `yaml:"password"`
@@ -57,6 +65,24 @@ func LoadConfig(path string) (*Config, error) {
 	return cfg, nil
 }

+func IsWeakPassword(pw string) bool {
+	p := strings.TrimSpace(pw)
+	if p == "" {
+		return true
+	}
+	weak := map[string]bool{
+		"admin123":      true,
+		"your_password": true,
+		"CHANGE_ME":     true,
+		"change_me":     true,
+		"password":      true,
+		"123456":        true,
+		"12345678":      true,
+		"qwerty":        true,
+	}
+	return weak[p]
+}
+
 func (c *Config) Validate() error {
 	if c.Database.Path == "" {
 		return fmt.Errorf("database.path 不能为空")
@@ -83,5 +109,13 @@ func (c *Config) Validate() error {
 			return fmt.Errorf("feishu 已启用但 app_id 或 app_secret 为空")
 		}
 	}
+	if c.AI.Enabled {
+		if c.AI.BaseURL == "" || c.AI.APIKey == "" || c.AI.Model == "" {
+			return fmt.Errorf("ai 已启用但 base_url/api_key/model 为空")
+		}
+		if c.AI.TimeoutSeconds <= 0 {
+			c.AI.TimeoutSeconds = 15
+		}
+	}
 	return nil
 }