
refactor: move top_up_link from status API to topup info API

Move top_up_link out of the public GetStatus endpoint into the
authenticated GetTopUpInfo endpoint. Update classic frontend to
read topup_link from the topup info response instead of status.
Also add mailto links in SECURITY.md.

close #4582
CaIon 1 tydzień temu
rodzic
commit
5c793d7992

+ 5 - 3
.github/SECURITY.md

@@ -1,7 +1,7 @@
 # Security Policy
 
 > [!IMPORTANT]
-> **Bulk Reporting Policy:** If you need to submit multiple vulnerability reports in bulk, **you must contact us first** (support@quantumnous.com) to coordinate the submission process. Uncoordinated bulk submissions have caused significant disruption to our team, and we will take the following actions:
+> **Bulk Reporting Policy:** If you need to submit multiple vulnerability reports in bulk, **you must contact us first** ([support@quantumnous.com](mailto:support@quantumnous.com)) to coordinate the submission process. Uncoordinated bulk submissions have caused significant disruption to our team, and we will take the following actions:
 >
 > 1. **All uncoordinated bulk reports will be closed without review.**
 > 2. **Repeated offenders may be blocked** from further submissions.
@@ -12,11 +12,13 @@
 
 We provide security updates for the following versions:
 
+
 | Version | Supported          |
 | ------- | ------------------ |
 | Latest  | :white_check_mark: |
 | Older   | :x:                |
 
+
 We strongly recommend that users always use the latest version for the best security and features.
 
 ## Reporting a Vulnerability
@@ -31,7 +33,7 @@ To report a security issue, please use the GitHub Security Advisories tab to "[O
 
 Alternatively, you can report via email:
 
-- **Email:** support@quantumnous.com
+- **Email:** [support@quantumnous.com](mailto:support@quantumnous.com)
 - **Subject:** `[SECURITY] Security Vulnerability Report`
 
 ### What to Include
@@ -91,4 +93,4 @@ For detailed configuration instructions, please refer to the project documentati
 
 ## Disclaimer
 
-This project is provided "as is" without any express or implied warranty. Users should assess the security risks of using this software in their environment.
+This project is provided "as is" without any express or implied warranty. Users should assess the security risks of using this software in their environment.

+ 0 - 1
controller/misc.go

@@ -70,7 +70,6 @@ func GetStatus(c *gin.Context) {
 		"server_address":              system_setting.ServerAddress,
 		"turnstile_check":             common.TurnstileCheckEnabled,
 		"turnstile_site_key":          common.TurnstileSiteKey,
-		"top_up_link":                 common.TopUpLink,
 		"docs_link":                   operation_setting.GetGeneralSetting().DocsLink,
 		"quota_per_unit":              common.QuotaPerUnit,
 		// 兼容旧前端:保留 display_in_currency,同时提供新的 quota_display_type

+ 1 - 0
controller/topup.go

@@ -110,6 +110,7 @@ func GetTopUpInfo(c *gin.Context) {
 		"waffo_pancake_min_topup": setting.WaffoPancakeMinTopUp,
 		"amount_options":          operation_setting.GetPaymentSetting().AmountOptions,
 		"discount":                operation_setting.GetPaymentSetting().AmountDiscount,
+		"topup_link":              common.TopUpLink,
 	}
 	common.ApiSuccess(c, data)
 }
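Review bot: The added line renames the key as well as moving it: GetStatus served `top_up_link`, while this line serves `topup_link`. Any client other than the classic frontend that still reads `status.top_up_link` will silently see an empty link, so the rename deserves a mention in the changelog or a comment on the line, for example `// topup_link: served only here, removed from the public GetStatus response`. The commit message relies on GetTopUpInfo being authenticated, but that is decided at route registration, which this hunk does not show. It is worth confirming that the route carries the user-auth middleware, and adding a test that the GetStatus response no longer contains the link. GetTopUpInfo's body starts outside the hunk.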

+ 2 - 4
web/classic/src/components/topup/index.jsx

@@ -52,9 +52,7 @@ const TopUp = () => {
   const [topUpCount, setTopUpCount] = useState(
     statusState?.status?.min_topup || 1,
   );
-  const [topUpLink, setTopUpLink] = useState(
-    statusState?.status?.top_up_link || '',
-  );
+  const [topUpLink, setTopUpLink] = useState('');
   const [enableOnlineTopUp, setEnableOnlineTopUp] = useState(
     statusState?.status?.enable_online_topup || false,
   );
@@ -658,6 +656,7 @@ const TopUp = () => {
           setWaffoPancakeMinTopUp(data.waffo_pancake_min_topup || 1);
           setMinTopUp(minTopUpValue);
           setTopUpCount(minTopUpValue);
+          setTopUpLink(data.topup_link || '');
 
           // 设置 Creem 产品
           try {
@@ -764,7 +763,6 @@ const TopUp = () => {
       // const minTopUpValue = statusState.status.min_topup || 1;
       // setMinTopUp(minTopUpValue);
       // setTopUpCount(minTopUpValue);
-      setTopUpLink(statusState.status.top_up_link || '');
       setPriceRatio(statusState.status.price || 1);
 
       setStatusLoading(false);
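Review bot: In the second hunk, `setTopUpLink(data.topup_link || '')` stores whatever string the API returns, with no check that it is an http(s) URL. The place where `topUpLink` is consumed is outside these hunks; if it ends up in an `href` or `window.open`, a mis-set or tampered setting with another scheme would be followed as-is. I would gate it here with `const link = data.topup_link || '';` followed by `setTopUpLink(/^https?:\/\//i.test(link) ? link : '');`. Because the first hunk now initialises the state to `''`, the link is also absent until this request succeeds, so the UI that renders it should treat an empty value as "no external top-up" rather than show a dead button. TopUp's body starts and ends outside the hunks.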