-
Notifications
You must be signed in to change notification settings - Fork 0
Security Architecture
zhouning edited this page Mar 22, 2026
·
1 revision
中英双语 | Bilingual
| 层级 | 机制 | 说明 |
|---|---|---|
| 1. 认证 | 密码 (bcrypt) + OAuth2 (Google) | 暴力破解防护:5 次失败 → 15 分钟锁定 |
| 2. 授权 | RBAC (admin/analyst/viewer) | ContextVar 传播用户身份,每请求注入 |
| 3. 输入验证 | SQL 注入防护 + Prompt 注入检测 | 仅允许 SELECT/WITH 语句;自定义技能指令过滤 |
| 4. 执行隔离 | 用户文件沙箱 + 参数化 SQL | uploads/{user_id}/ 隔离;Python 沙箱 |
| 5. 输出安全 | 路径遍历防护 + 数据脱敏 | _resolve_path() 路径验证 |
| 6. 审计 | 审计日志 + Token 追踪 | 完整操作记录(用户/动作/目标/时间) |
| 功能 | admin | analyst | viewer |
|---|---|---|---|
| 通用管道 | ✅ | ✅ | ✅ (只读) |
| 优化管道 | ✅ | ✅ | ❌ |
| 治理管道 | ✅ | ✅ | ❌ |
| 管理后台 | ✅ | ❌ | ❌ |
| 用户管理 | ✅ | ❌ | ❌ |
| 表共享 | ✅ | ❌ | ❌ |
完整安全文档:security-architecture.md
| Layer | Mechanism | Details |
|---|---|---|
| 1. Authentication | Password (bcrypt) + OAuth2 (Google) | Brute-force protection: 5 failures → 15min lockout |
| 2. Authorization | RBAC (admin/analyst/viewer) | ContextVar user identity propagation per request |
| 3. Input Validation | SQL injection prevention + Prompt injection detection | Only SELECT/WITH allowed; Custom Skill instruction filtering |
| 4. Execution Isolation | User file sandbox + Parameterized SQL | uploads/{user_id}/ isolation; Python sandbox |
| 5. Output Safety | Path traversal prevention + Data redaction | _resolve_path() validation |
| 6. Audit | Audit log + Token tracking | Full operation records (user/action/target/timestamp) |
| Feature | admin | analyst | viewer |
|---|---|---|---|
| General Pipeline | ✅ | ✅ | ✅ (read-only) |
| Optimization Pipeline | ✅ | ✅ | ❌ |
| Governance Pipeline | ✅ | ✅ | ❌ |
| Admin Dashboard | ✅ | ❌ | ❌ |
| User Management | ✅ | ❌ | ❌ |
| Table Sharing | ✅ | ❌ | ❌ |
Full security docs: security-architecture.md
GIS Data Agent v14.5 · Built on Google ADK · GitHub · Report Issue
快速开始 Getting Started
核心概念 Core Concepts
使用指南 User Guide
架构与运维 Architecture & Ops
参考 Reference