gendesign/backend/app/api/v1
Light1YT 3cf9fad683
Some checks failed
CI / changes (push) Successful in 6s
CI / frontend-tests (push) Has been skipped
CI / changes (pull_request) Successful in 7s
CI / frontend-tests (pull_request) Has been skipped
CI / backend-tests (push) Successful in 6m38s
CI / backend-tests (pull_request) Successful in 6m37s
Deploy / build-backend (push) Blocked by required conditions
Deploy / build-worker (push) Blocked by required conditions
Deploy / build-frontend (push) Blocked by required conditions
Deploy / deploy (push) Blocked by required conditions
Deploy / changes (push) Has been cancelled
fix(backend): экранировать Excel formula-injection (#1244) + увести chat-чтение с event loop (#1245)
#1244 (security): внешние/скрейпинг-строки (comm_name из DOM.РФ, headline/usp_text)
с ведущим = + - @ \t \r писались как есть → openpyxl сохранял как формулы
(data_type='f'), исполнялись при открытии в Excel/LibreOffice. _sanitize_formula
префиксует такие строки апострофом (OWASP CSV-injection escape); числа/даты/bool
не трогаются. _write_kv labels тоже санитизируются. Подтверждено на openpyxl 3.1.5.

#1245 (concurrency): async ask() вызывал sync get_report_for_chat() (sync SQLAlchemy
тянет крупный JSONB §22-отчёт) напрямую — блокировал event loop, в отличие от
LLM-ветки (run_in_threadpool). Обёрнуто в run_in_threadpool.

Closes #1244
Closes #1245
2026-06-13 18:10:21 +05:00
..
__init__.py init 2026-04-25 13:45:19 +03:00
admin_cadastre.py refactor(security): убрать X-Admin-Token (Caddy basic_auth достаточен) (#437) 2026-05-23 10:41:22 +00:00
admin_etl.py refactor(security): убрать X-Admin-Token (Caddy basic_auth достаточен) (#437) 2026-05-23 10:41:22 +00:00
admin_jobs.py refactor(security): убрать X-Admin-Token (Caddy basic_auth достаточен) (#437) 2026-05-23 10:41:22 +00:00
admin_leads.py refactor(security): убрать X-Admin-Token (Caddy basic_auth достаточен) (#437) 2026-05-23 10:41:22 +00:00
admin_scrape.py feat(sf): cross-load ETL tradein→gendesign newbuilding_listings — вариант A (#976) 2026-06-12 11:18:47 +03:00
admin_weight_profiles.py refactor(security): убрать X-Admin-Token (Caddy basic_auth достаточен) (#437) 2026-05-23 10:41:22 +00:00
analytics.py feat(recommend): horizon-aware recommend_mix opt-in overlay (#982, 953-A) (#1014) 2026-06-03 07:40:33 +00:00
chat.py fix(backend): экранировать Excel formula-injection (#1244) + увести chat-чтение с event loop (#1245) 2026-06-13 18:10:21 +05:00
concepts.py init 2026-04-25 13:45:19 +03:00
custom_pois.py feat(#254): user_custom_pois — backend schema + CRUD + scoring integration 2026-05-17 09:34:33 +03:00
insights.py feat(insights): manual-entry Insight entity CRUD + §19 audit (#948 part A) 2026-06-08 12:41:39 +05:00
landing.py feat(sf-fe-a12): Landing redesign + PilotCTA с real B3/B4 data (v2 rebased) (#367) 2026-05-18 05:16:57 +00:00
locations.py feat(location): district-level Location entity + indices (#948 part B) 2026-06-08 13:28:19 +05:00
me.py feat(rbac): role-based access control via X-Authenticated-User middleware (#585) 2026-05-26 06:18:40 +00:00
own_projects.py feat(site-finder): own-portfolio data source for §25.3 cannibalization (#1169 PR1) 2026-06-08 16:21:53 +05:00
parcels.py feat(forecast): расширить горизонт прогноза до 24 мес (ТЗ §12.1) 2026-06-13 17:27:35 +05:00
photos.py fix ui 2026-04-27 20:42:18 +03:00
pilot.py fix(pilot): drop pydantic EmailStr — email-validator dep missing → backend startup crash (#337) 2026-05-17 21:32:23 +00:00
ping.py feat(backend): add /api/v1/ping liveness endpoint (#634) 2026-05-29 15:53:29 +00:00
trade_in.py feat(trade-in): TI-2 PDF export 4-page + frontend enable button (#319) 2026-05-17 17:16:48 +00:00
users.py feat(sf-b2): GET /users/me/recent-parcels — stub endpoint (auth TODO) (#329) 2026-05-17 21:04:16 +00:00