afcd18c54f
Backend:
- Add NotFoundException + BusinessException, return correct HTTP status (404/400)
- Add @Index on reports.project_id and reports.upload_time
- Add fileSize column to reports, populate on upload, return in DTO
- Cascade delete: deleting project now removes all reports (DB + files + PDFs)
- Delete report: also clean up pre-rendered PDF
- File upload MIME validation (extension + Content-Type)
- Remove duplicate @ExceptionHandler from ReportController
- Switch from System.err to SLF4J logger
- Handle MethodArgumentNotValid, MissingServletRequestPart, etc.

Frontend:
- Remove all Docker files (project uses 宝塔 panel deployment)
- Upgrade axios 1.6.8 -> 1.7.7 (CVE-2024-39338)
- Remove unused @vue-office/pptx + vue-demi (see CHANGELOG for rationale)
- Fix vite proxy port 37821 -> 30081
- Remove mock data fallback in production
- Add upload report UI (button + modal in ProjectDetail)
- Add create project UI (button + modal in ProjectList)
- Add filename search box in ProjectDetail
- New useApi methods: createProject, uploadReport, deleteProject, deleteReport
- FilePreview/ReportCard: show fileSize (was undefined before)

Docs:
- Add README.md (overview, quick start, structure)
- Add CHANGELOG.md (full change log + pptx removal rationale)
- Include EVALUATION_REPORT.md and blog-vibe-coding.md

Tests:
- All 73 backend tests pass
- All 43 frontend tests pass
- Updated test fixtures for new API contract
117 lines
3.9 KiB
Markdown
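# publish (AI Daily Report Distribution Platform) Evaluation Report

**Evaluation time**: 2026-06-01 08:27
**Project path**: `D:\Idea Project\publish`
**Project positioning**: A privately deployed distribution platform for AI daily reports; single-user, no login system
**Tech stack**: Spring Boot 3.2.5 + Vue 3.4 + SQLite + Docker + nginx

---
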
## Overall Score

| Dimension | Score | Status |
|------|------|------|
| Code quality and architecture | 69/100 | ✅ verifier passed (95% accuracy) |
| Product design and user experience | P0×1 / P1×5+ | ✅ verifier passed |

---

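## 1. Code Quality and Architecture Evaluation — 69/100

### P0 Critical (must fix)

**1. Known vulnerability in axios**
- A known CVE exists; the axios version needs to be upgraded
- **Fix**: check `package.json` / `pom.xml` to confirm the exact version

**2. No database index on `reports.project_id`**
- When querying the report list, `WHERE project_id` has no index, which is a performance bottleneck
- **Fix**: add the index `CREATE INDEX idx_reports_project_id ON reports(project_id)`

**3. Missing cascade delete**
- After a project is deleted, its associated records in `reports` become orphaned data
- **Fix**: add `@OnDelete(action = OnDeleteAction.CASCADE)` to the JPA entity, or clean up manually
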
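### P1 High Risk

| # | Issue | Description |
|---|------|------|
| 1 | `ddl-auto: update` is dangerous in production | Field changes may cause data loss |
| 2 | Duplicated exception handlers | Each controller repeats try-catch; should be unified |
| 3 | N+1 queries | List queries do not use JOIN FETCH |
| 4 | Missing MIME validation on file upload | Only the extension is checked; the type can be forged |
| 5 | No unit/integration tests | Core business logic has no test coverage |
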
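### False-Positive Corrections (found by the verifier)

- ❌ Port conflict (30081 vs 37821) → not actually a conflict; 30081 is correctly ignored inside Docker
- ❌ iframe sandbox security gap → the iframe sandbox blocks scripts by default, so it is actually safe
- ✅ vite proxy port does not match the backend port → confirmed; the docker-compose port must be used
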
### Highlights

- ✅ HTML iframe sandbox isolation (secure)
- ✅ PPTX-to-PDF pre-rendering mechanism (good reading experience)
- ✅ Complete API documentation (API.md)
- ✅ Clear layering (controller → service → repository)
- ✅ Complete private deployment setup (Dockerfile + docker-compose + nginx)

---

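## 2. Product Design and User Experience Evaluation

### P0 Fatal (blocking)

**The frontend has no report upload UI at all**
- The backend API is complete (`POST /api/reports` + multipart upload)
- **Frontend UI gap**: users who open the page can only view; they cannot publish reports
- This fundamentally contradicts the product's positioning as a "publishing platform"
- **Fix**: add a frontend upload UI (file input + project selector + submit button)
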
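### P1 High Risk

| # | Issue | Description |
|---|------|------|
| 1 | No search/filter in report management | Reports cannot be found quickly once there are many |
| 2 | Hard-coded Docker volume paths | Paths are inflexible at deployment time |
| 3 | No password protection in the single-user scenario | Although authentication is not required, file upload has no protection at all |
| 4 | Excellent report reading experience | HTML/MD/PPTX preview is complete, with high visual quality |
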
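### Highlights

- ✅ Reading experience: HTML/MD/PPTX preview is complete, with high visual quality
- ✅ Docker one-click deployment is basically usable
- ✅ The judgment that no login is needed is correct (single-user private deployment)

---
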
## Fix Priorities

### This week (blockers)
1. **Add the frontend upload UI** (P0, core platform feature missing)
2. **Upgrade axios** (P0, security vulnerability)
3. **Add an index on reports.project_id** (P0, performance)

### Next month (important)
1. Fix cascade delete
2. File upload MIME validation
3. Add basic test coverage

---

## Key File Index

| File | Purpose |
|------|------|
| `src/main/java/.../controller/ReportController.java` | Report API (upload/list/detail/delete) |
| `src/main/java/.../entity/Report.java` | Report entity (no index) |
| `src/main/java/.../config/` | CORS + Docker configuration |
| `frontend/src/views/` | Vue frontend views (upload page missing) |
| `docker-compose.yml` | Container orchestration (health check missing) |
| `nginx.conf` | Frontend reverse-proxy configuration |
| `deploy/package.ps1` | Deployment packaging script |

---

*Report generated: 2026-06-01 08:33 (Cycle 1 · both the code and product design verifiers passed)*