xiner/NextEdu
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(P2): 实现质量保障类5项功能(无障碍/视觉回归/通知渠道/漏洞扫描/灾备)

Browse Source 
## 新增功能

### 1. 屏幕阅读器兼容性增强(a11y)
- 无障碍工具库:src/shared/lib/a11y.ts
- aria-live Hook:src/shared/hooks/use-aria-live.ts
- a11y 组件:skip-link/visually-hidden/focus-trap/aria-status
- 增强 UI:table.tsx 系统性 ARIA role,dialog.tsx aria-modal
- 审计文档:docs/accessibility/a11y-audit.md(WCAG 2.1 AA 清单)

### 2. 视觉回归测试
- 测试套件:tests/visual/(homepage + 3 个 dashboard)
- 3 视口(desktop/tablet/mobile)× 2 主题(light/dark)
- 动态元素遮罩,避免误报
- playwright.config.ts 新增 visual-chromium 项目
- 文档:docs/testing/visual-regression.md

### 3. 短信/微信推送渠道集成
- 新模块:src/modules/notifications/
- 4 个渠道:SMS(阿里云/腾讯云)、WeChat(公众号)、Email(SMTP)、In-App
- 分发器按用户偏好并行多渠道发送
- 外部 SDK 动态 import,Mock 模式开发可用
- 文档:docs/notifications/channels.md

### 4. 漏洞扫描 CI 集成
- CI security-scan job:npm audit + Snyk + Trivy FS + OWASP ZAP
- 独立工作流 security.yml:每周一深度扫描 + 容器镜像扫描
- 配置:suppressions.json + .trivyignore
- 本地脚本:security-scan.sh/ps1
- 文档:docs/security/scanning.md(SLA 分级)

### 5. 灾备方案
- 脚本:backup-verify/backup-offsite-sync/dr-drill/failover/health-check
- CI 增强:备份后校验+异地同步,每周灾备演练
- 独立工作流 dr-drill.yml:每周一凌晨 4 点自动演练
- 文档:docs/dr/dr-plan.md(RTO 4h/RPO 24h)+ dr-runbook.md(6 故障场景)

## 验证
- npx tsc --noEmit:0 错误
- npm run lint:0 错误 0 警告
This commit is contained in:
SpecialX
2026-06-17 20:18:29 +08:00
parent b86255f0ea
commit 6585e10c6f
53 changed files with 7491 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
scripts/security-scan.ps1 Normal file
View File

@@ -0,0 +1,137 @@
# 本地安全扫描脚本 (Windows PowerShell)
# 用法: .\scripts\security-scan.ps1
# 功能: npm audit + Trivy 文件系统扫描,输出彩色报告
# 退出码: 0=无高危漏洞, 1=存在高危漏洞
$ErrorActionPreference = "Continue"
$ProjectRoot = Resolve-Path "$PSScriptRoot\.."
Set-Location $ProjectRoot
$script:HasHigh = 0
function Write-Header($msg) {
Write-Host "================================================" -ForegroundColor Cyan
Write-Host " $msg" -ForegroundColor Cyan
Write-Host "================================================" -ForegroundColor Cyan
}
function Write-Pass($msg) { Write-Host "[PASS] $msg" -ForegroundColor Green }
function Write-Warn2($msg) { Write-Host "[WARN] $msg" -ForegroundColor Yellow }
function Write-Fail($msg) { Write-Host "[FAIL] $msg" -ForegroundColor Red; $script:HasHigh = 1 }
function Write-Info2($msg) { Write-Host "[INFO] $msg" -ForegroundColor Blue }
function Test-Command($name) {
return [bool](Get-Command $name -ErrorAction SilentlyContinue)
}
Write-Header "本地安全扫描"
Write-Info2 "项目目录: $ProjectRoot"
Write-Host ""
# ------------------------------------------------
# 1. npm audit
# ------------------------------------------------
Write-Header "1/2 npm audit (依赖审计)"
if (-not (Test-Command "npm")) {
Write-Fail "未检测到 npm,请先安装 Node.js"
exit 1
}
$auditJson = "$env:TEMP\audit-report.json"
npm audit --json 2>$null | Out-File -FilePath $auditJson -Encoding utf8
if (Test-Path $auditJson) {
try {
$audit = Get-Content $auditJson -Raw | ConvertFrom-Json
$v = $audit.metadata.vulnerabilities
$critical = if ($v.critical) { [int]$v.critical } else { 0 }
$high = if ($v.high) { [int]$v.high } else { 0 }
$moderate = if ($v.moderate) { [int]$v.moderate } else { 0 }
$low = if ($v.low) { [int]$v.low } else { 0 }
Write-Host -NoNewline " critical: "; Write-Host -NoNewline "$critical " -ForegroundColor Red
Write-Host -NoNewline " high: "; Write-Host -NoNewline "$high " -ForegroundColor Red
Write-Host -NoNewline " moderate: "; Write-Host -NoNewline "$moderate " -ForegroundColor Yellow
Write-Host -NoNewline " low: "; Write-Host "$low" -ForegroundColor Green
if ($critical -gt 0 -or $high -gt 0) {
Write-Fail "npm audit 发现 critical/high 漏洞"
} else {
Write-Pass "npm audit 无 critical/high 漏洞"
}
} catch {
Write-Warn2 "npm audit 报告解析失败,显示原始输出"
npm audit --audit-level=moderate
}
Copy-Item $auditJson "$ProjectRoot\audit-report.json" -Force
Write-Info2 "报告已保存: audit-report.json"
} else {
Write-Warn2 "npm audit 未生成报告"
}
Write-Host ""
# ------------------------------------------------
# 2. Trivy 文件系统扫描
# ------------------------------------------------
Write-Header "2/2 Trivy FS Scan (文件系统扫描)"
if (-not (Test-Command "trivy")) {
Write-Warn2 "未检测到 trivy,跳过文件系统扫描"
Write-Info2 "安装 Trivy: https://aquasecurity.github.io/trivy/latest/getting-started/installation/"
} else {
$trivyReport = "$ProjectRoot\trivy-fs-report.json"
trivy fs --format json --output $trivyReport --exit-code 0 . 2>$null
if ($LASTEXITCODE -eq 0) {
Write-Pass "Trivy 扫描完成"
} else {
Write-Warn2 "Trivy 扫描返回非零状态(可能存在漏洞)"
}
if (Test-Path $trivyReport) {
try {
$trivy = Get-Content $trivyReport -Raw | ConvertFrom-Json
$allVulns = @()
foreach ($r in $trivy.Results) {
if ($r.Vulnerabilities) { $allVulns += $r.Vulnerabilities }
}
$total = $allVulns.Count
$critical = @($allVulns | Where-Object { $_.Severity -eq "CRITICAL" }).Count
$high = @($allVulns | Where-Object { $_.Severity -eq "HIGH" }).Count
$medium = @($allVulns | Where-Object { $_.Severity -eq "MEDIUM" }).Count
$low = @($allVulns | Where-Object { $_.Severity -eq "LOW" }).Count
Write-Host -NoNewline " 总计: $total critical: "; Write-Host -NoNewline "$critical " -ForegroundColor Red
Write-Host -NoNewline " high: "; Write-Host -NoNewline "$high " -ForegroundColor Red
Write-Host -NoNewline " medium: "; Write-Host -NoNewline "$medium " -ForegroundColor Yellow
Write-Host -NoNewline " low: "; Write-Host "$low" -ForegroundColor Green
if ($critical -gt 0 -or $high -gt 0) {
Write-Fail "Trivy 发现 critical/high 漏洞"
} else {
Write-Pass "Trivy 无 critical/high 漏洞"
}
Write-Info2 "报告已保存: trivy-fs-report.json"
} catch {
Write-Warn2 "Trivy 报告解析失败"
}
}
Write-Host ""
Write-Info2 "Trivy 表格视图:"
trivy fs --format table --exit-code 0 .
}
Write-Host ""
# ------------------------------------------------
# 汇总
# ------------------------------------------------
Write-Header "扫描汇总"
if ($script:HasHigh -eq 0) {
Write-Pass "未发现高危漏洞 (exit 0)"
exit 0
} else {
Write-Fail "发现高危漏洞,请尽快处理 (exit 1)"
Write-Host " SLA: critical 24h / high 7d / medium 30d / low 90d" -ForegroundColor Blue
exit 1
}