hailin
/
gcx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
69 Commits 1 Branch 0 Tags 38 MiB
Dart 46.5%
TypeScript 39%
Go 5.7%
Shell 3.6%
Python 1.8%
Other 3.1%
Go to file
hailin 127f2cdd81 feat: Debezium CDC 安全加固 + WAL 防护 (来自 rwadurian 生产事故经验) 
## 背景
rwadurian 2.0 服务器发生 Debezium CDC 事故:
- DBZ-7316 bug: Debezium ≤2.4 的 searchWalPosition 循环不推进 confirmed_flush_lsn
- PostgreSQL WAL 从正常涨到 306GB, 磁盘占用 23% → 修复后降至 6%
- Kafka Connect REST API 暴露公网, 被注入 3 个恶意 SSRF connector
- pg_logical_emit_message 心跳无效: 写入 WAL 但不经过 publication

## 变更内容

### 1. Debezium 版本锁定 (docker-compose.yml)
- debezium/connect:2.5 → debezium/connect:2.5.4.Final
- 2.5.1 修复 DBZ-7316, 2.5.4 为该系列最终稳定版

### 2. PostgreSQL WAL 安全阀 (docker-compose.yml)
- 新增 max_slot_wal_keep_size=10GB
- 限制单个 replication slot 最多保留 10GB WAL
- 超限后 PostgreSQL 使 slot 失效, 防止磁盘被吃满

### 3. 端口安全加固 (docker-compose.yml)
绑定 127.0.0.1, 禁止公网访问:
- PostgreSQL 5432 (数据库直连)
- Redis 6379 (无密码保护)
- Kafka Connect 8083 (SSRF 注入风险)
- Kafka 29092 (外部访问端口)
- Kong Admin 8001 (路由篡改风险)
- MinIO Console 9001 (默认密码)

### 4. 基础设施可用性 (docker-compose.yml)
- 所有基础设施服务添加 restart: unless-stopped
- Kafka Connect 添加 OFFSET_FLUSH_INTERVAL_MS=10s (默认 60s)

### 5. Debezium 支持表 (040_create_debezium_support.sql)
- debezium_heartbeat: 心跳表, singleton 约束, INSERT...ON CONFLICT DO UPDATE
- debezium_signal: 信号表, 用于增量快照等运维操作
- debezium_outbox_publication: 包含 outbox + heartbeat + signal 三表

### 6. Connector 配置 (scripts/debezium/outbox-connector.json)
- heartbeat TABLE 方式 (非 pg_logical_emit_message)
- publication.autocreate.mode=disabled (使用预建 publication)
- signal.enabled.channels=source,kafka (支持增量快照重放)
- ExtractNewRecordState + RegexRouter transforms

### 7. 部署脚本 (scripts/debezium/register-connectors.sh)
- 等待 Kafka Connect 就绪
- 支持创建和更新 connector
- 验证 connector 状态

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 		2026-02-15 06:42:03 -08:00
.claude feat: Genex Chain 区块链完整实现 — cosmos/evm v0.5.1 应用链 + 9合约 + 合规集成 2026-02-14 23:40:37 -08:00
backend feat: Debezium CDC 安全加固 + WAL 防护 (来自 rwadurian 生产事故经验) 2026-02-15 06:42:03 -08:00
blockchain feat: Genex Chain 区块链完整实现 — cosmos/evm v0.5.1 应用链 + 9合约 + 合规集成 2026-02-14 23:40:37 -08:00
docs docs: 06-区块链开发指南 v3.0 量产版 — 去除全部MVP/阶段性限制 2026-02-14 18:47:55 -08:00
frontend feat: 三端集成 App升级 + 内部推送 + FCM外部推送框架 (genex-mobile/admin-app/mobile) 2026-02-13 07:02:14 -08:00
.gitignore chore: Ignore Claude Code config and Flutter auto-generated files 2026-02-11 07:28:02 -08:00
README.md Update company names and structure (Inc. for West, Ltd. for Asia) 2026-01-28 00:15:01 -08:00

README.md

Global Coupon Exchange

Website: gogenex.com

Brand Naming Strategy

This project adopts a regional branding strategy, using different brand names for different markets while maintaining brand family consistency.

Brand Structure

Market Brand Abbr Description
Western (US/Europe) Genex GNX Derived from Generation + Exchange, familiar Western naming style
Asian (including China) Gensen / 券信 GS "Gensen" from Cantonese pronunciation of Chinese characters "券信"

Unified Domain

  • gogenex.com - Single global domain for all markets
  • Subdomains or paths for regional content (e.g., gogenex.com/cn, gogenex.com/asia)

Naming Logic

Genex (Western Markets)

  • Gen = Generation / Generic / Genesis
  • ex = Exchange
  • Natural pronunciation, similar to well-known Western brands like FedEx, Amex
  • Professional, modern, and trustworthy fintech image

Gensen / 券信 (Asian Markets)

  • 券 (Quan) = Coupon / Voucher
  • 信 (Xin) = Trust / Credit
  • Gensen = Romanization of Cantonese pronunciation "gyun seon"
  • Use Chinese characters "券信" in Mainland China
  • Use romanized "Gensen" in other Asian regions
  • Two characters conveying core values: coupon trading + trust guarantee

Brand Consistency

Genex    ←── "Gen-" prefix ──→  Gensen
   ↑                              ↑
   └─────── Same brand family ────┘
                   ↓
                 券信 (Chinese localization)
  • Genex and Gensen share the "Gen-" prefix, establishing brand family recognition
  • Gensen directly transliterates to 券信, providing seamless connection
  • Global users can recognize these as regional versions of the same platform

Usage Scenarios

Scenario Western Markets Asian Markets (non-China) China Market
Company Name GoGenex Inc. Gensen Asia Ltd. 券信科技有限公司
App Name Genex Gensen 券信
Domain gogenex.com gogenex.com/asia gogenex.com/cn
Social Media @gogenex @gensen_official @券信official

Note on Company Structure:

  • Inc. (Corporation) for Western markets: Better for VC funding, stock issuance, and potential IPO
  • Ltd. (Limited) for Asian markets: Common structure in Asia-Pacific region
  • Social media handles use variations to avoid conflicts with existing accounts

Legal & Operations

Due to varying financial regulations across countries, each regional brand will:

  • Operate as an independent legal entity
  • Comply with local regulatory requirements
  • Share core technology platform and philosophy
  • Establish brand association through parent company

Project Overview

Global Coupon Exchange (GCX) is a coupon asset trading platform designed to provide users with secure and convenient trading services for digital assets such as coupons, gift cards, and vouchers.

Core Features

  • Coupon asset listing and trading
  • Secure transaction matching mechanism
  • Multi-currency settlement support
  • User credit system

Tech Stack

TBD

Documentation

For detailed development documentation, please refer to the docs directory.

License

TBD