refactor: move top_up_link from status API to topup info API

Move top_up_link out of the public GetStatus endpoint into the
authenticated GetTopUpInfo endpoint. Update classic frontend to
read topup_link from the topup info response instead of status.
Also add mailto links in SECURITY.md.

close #4582
This commit is contained in:
CaIon
2026-05-06 20:26:45 +08:00
parent ee190b6049
commit 5c793d7992
4 changed files with 8 additions and 8 deletions
+4 -2
@@ -1,7 +1,7 @@
# Security Policy
> [!IMPORTANT]
> **Bulk Reporting Policy:** If you need to submit multiple vulnerability reports in bulk, **you must contact us first** (support@quantumnous.com) to coordinate the submission process. Uncoordinated bulk submissions have caused significant disruption to our team, and we will take the following actions:
> **Bulk Reporting Policy:** If you need to submit multiple vulnerability reports in bulk, **you must contact us first** ([support@quantumnous.com](mailto:support@quantumnous.com)) to coordinate the submission process. Uncoordinated bulk submissions have caused significant disruption to our team, and we will take the following actions:
>
> 1. **All uncoordinated bulk reports will be closed without review.**
> 2. **Repeated offenders may be blocked** from further submissions.
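Review bot: The mailto change on the Bulk Reporting Policy line is documentation-only and unrelated to moving top_up_link between endpoints. Consider splitting the SECURITY.md edits into their own commit so the API change can be reverted or backported on its own.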
@@ -12,11 +12,13 @@
We provide security updates for the following versions:
| Version | Supported |
| ------- | ------------------ |
| Latest | :white_check_mark: |
| Older | :x: |
We strongly recommend that users always use the latest version for the best security and features.
## Reporting a Vulnerability
@@ -31,7 +33,7 @@ To report a security issue, please use the GitHub Security Advisories tab to "[O
Alternatively, you can report via email:
- **Email:** support@quantumnous.com
- **Email:** [support@quantumnous.com](mailto:support@quantumnous.com)
- **Subject:** `[SECURITY] Security Vulnerability Report`
### What to Include
-1
@@ -70,7 +70,6 @@ func GetStatus(c *gin.Context) {
"server_address": system_setting.ServerAddress,
"turnstile_check": common.TurnstileCheckEnabled,
"turnstile_site_key": common.TurnstileSiteKey,
"top_up_link": common.TopUpLink,
"docs_link": operation_setting.GetGeneralSetting().DocsLink,
"quota_per_unit": common.QuotaPerUnit,
// 兼容旧前端:保留 display_in_currency,同时提供新的 quota_display_type
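Review bot: Dropping "top_up_link" from the GetStatus response map breaks any client that still reads it from the status payload, and the commit message mentions updating only the classic frontend. The comment at the end of this hunk shows the handler already keeps display_in_currency for old frontends, so either confirm that no other shipped frontend or integration reads status.top_up_link, or call the removal out in the release notes.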
+1
@@ -110,6 +110,7 @@ func GetTopUpInfo(c *gin.Context) {
"waffo_pancake_min_topup": setting.WaffoPancakeMinTopUp,
"amount_options": operation_setting.GetPaymentSetting().AmountOptions,
"discount": operation_setting.GetPaymentSetting().AmountDiscount,
"topup_link": common.TopUpLink,
}
common.ApiSuccess(c, data)
}
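Review bot: The new "topup_link" entry in the data map depends on GetTopUpInfo being behind authentication, which the commit message states but this hunk does not show. Please confirm the route registration applies the auth middleware, and consider a test asserting that an unauthenticated request does not receive topup_link. The key is also renamed from top_up_link to topup_link; that matches the neighbouring waffo_pancake_min_topup naming, but it is worth stating in the commit message or API docs, since clients have to change the field name as well as the endpoint.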
+2 -4
@@ -52,9 +52,7 @@ const TopUp = () => {
const [topUpCount, setTopUpCount] = useState(
statusState?.status?.min_topup || 1,
);
const [topUpLink, setTopUpLink] = useState(
statusState?.status?.top_up_link || '',
);
const [topUpLink, setTopUpLink] = useState('');
const [enableOnlineTopUp, setEnableOnlineTopUp] = useState(
statusState?.status?.enable_online_topup || false,
);
@@ -658,6 +656,7 @@ const TopUp = () => {
setWaffoPancakeMinTopUp(data.waffo_pancake_min_topup || 1);
setMinTopUp(minTopUpValue);
setTopUpCount(minTopUpValue);
setTopUpLink(data.topup_link || '');
// 设置 Creem 产品
try {
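Review bot: `setTopUpLink(data.topup_link || '')` is now the only place the link is populated, so a backend that predates this commit and omits topup_link from the top-up info response leaves the link silently empty. If the frontend and backend can be deployed separately, document that both must be upgraded together, or log when the field is missing so the empty state is distinguishable from "no link configured".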
@@ -764,7 +763,6 @@ const TopUp = () => {
// const minTopUpValue = statusState.status.min_topup || 1;
// setMinTopUp(minTopUpValue);
// setTopUpCount(minTopUpValue);
setTopUpLink(statusState.status.top_up_link || '');
setPriceRatio(statusState.status.price || 1);
setStatusLoading(false);