PlayEdu/.cursor/rules/06-security-model.mdc
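白书科技 c206fa4bf2 !13 LDAP optimization and enhancement
* cursorrules
* fixed: wrong name recorded for department records synced from ldap
* consistent theme color
* changelog
* admin: integrate ldap sync data statistics
* merge ldap sync data record endpoints
* fixed: DN update for already-synced disabled users
* already-synced LDAP users that are disabled can continue to be updated
* code optimization
* add detailed records for LDAP sync
* add data count statistics for LDAP disabled users
* optimize reuse of data pulled from LDAP
* optimize LDAP sync
* ldap sync records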
* cursor rules
2025-05-19 06:25:34 +00:00


---
description:
globs:
alwaysApply: false
---
# PlayEdu Security Model
This guide outlines the security model of the PlayEdu application.
## Authentication
- [BackendAuthInterceptor](mdc:playedu-api/playedu-api/src/main/java/xyz/playedu/api/interceptor/BackendAuthInterceptor.java) - Backend authentication interceptor
- [FrontendAuthInterceptor](mdc:playedu-api/playedu-api/src/main/java/xyz/playedu/api/interceptor/FrontendAuthInterceptor.java) - Frontend authentication interceptor
- JWT-based authentication for both frontend and backend users
## Authorization
- Role-based access control for backend users
- Department-based content access for frontend users
- Course permission enforcement
## Security Configuration
- CORS configuration to prevent cross-site request forgery
- Password hashing using BCrypt
- Input validation and sanitization
## Resource Security
- Private video storage and delivery
- URL-based token authentication for media access
- Anti-leech protection for media files
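
One way the URL-based token authentication and anti-leech items above can work, shown as an added example that is not PlayEdu's own code: an expiring media link signed with HMAC-SHA256. The class name `MediaUrlSigner`, the `expires` and `token` query parameters, and the sample key and path are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Hypothetical helper: signs and verifies expiring media URLs with HMAC-SHA256. */
public class MediaUrlSigner {
    private final byte[] key;

    public MediaUrlSigner(byte[] key) { this.key = key.clone(); }

    private String mac(String path, long expires) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(key, "HmacSHA256"));
        // Bind the token to both the resource path and the expiry time.
        byte[] tag = hmac.doFinal((path + "\n" + expires).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** Returns path?expires=...&token=... valid for ttlSeconds from nowEpoch. */
    public String sign(String path, long nowEpoch, long ttlSeconds) throws Exception {
        long expires = nowEpoch + ttlSeconds;
        return path + "?expires=" + expires + "&token=" + mac(path, expires);
    }

    /** Rejects expired links and any path, expiry or token mismatch. */
    public boolean verify(String path, long expires, String token, long nowEpoch) throws Exception {
        if (token == null || nowEpoch > expires) return false;
        byte[] expected = mac(path, expires).getBytes(StandardCharsets.US_ASCII);
        byte[] supplied = token.getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison avoids leaking how many leading bytes matched.
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and path; a real key comes from secret storage.
        MediaUrlSigner signer = new MediaUrlSigner("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = 1_700_000_000L;
        long exp = now + 300;
        String url = signer.sign("/videos/42/index.m3u8", now, 300);
        String token = url.substring(url.indexOf("&token=") + 7);
        System.out.println(url);
        // Cases: genuine link, token reused on another path, tampered expiry, link used after expiry.
        System.out.println(signer.verify("/videos/42/index.m3u8", exp, token, now + 10));
        System.out.println(signer.verify("/videos/43/index.m3u8", exp, token, now + 10));
        System.out.println(signer.verify("/videos/42/index.m3u8", exp + 600, token, now));
        System.out.println(signer.verify("/videos/42/index.m3u8", exp, token, now + 301));
    }
}
```

Because the path and expiry are both covered by the MAC, a copied link stops working once it expires and cannot be retargeted at a different file.
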
## Sensitive Data Protection
- PII (Personally Identifiable Information) protection
- Logging sanitization for sensitive data
- Database encryption for critical fields