refactor(plugins): comprehensive code review - ~35 fixes across 14 plugins
Phase 1 - Plugin code review (14/14 plugins): - Security: 3x token leak in print→logger.debug, Bearer prefix handling - Bug: bare except→specific exceptions, HorseState type safety, sync→async - Critical: response_model undefined, route dead code, sync blocking event loop - Quality: 11x print()→logger, variable name shadowing, consistent logging Phase 2 - Deep analysis: - Fix: payout int truncation→max(1, round(amount*odds)) - Fix: room_store get_lock race condition→dict.setdefault() - Verify: data_manager f-string SQL is safe (uses ? placeholders) Infrastructure: review reports generated for all plugins.
@@ -1,52 +1,52 @@
|
||||
"""工具函数模块"""
|
||||
import secrets
|
||||
import string
|
||||
|
||||
|
||||
def generate_token(length: int = 16, prefix: str = "danding-") -> str:
|
||||
"""
|
||||
生成随机 Token
|
||||
|
||||
Args:
|
||||
length: 随机部分长度
|
||||
prefix: Token 前缀
|
||||
|
||||
Returns:
|
||||
生成的 Token
|
||||
"""
|
||||
# 生成随机字符串(字母和数字)
|
||||
alphabet = string.ascii_letters + string.digits
|
||||
random_part = ''.join(secrets.choice(alphabet) for _ in range(length))
|
||||
|
||||
return f"{prefix}{random_part}"
|
||||
|
||||
|
||||
def validate_token(token: str, expected_token: str) -> bool:
|
||||
"""
|
||||
验证 Token 是否正确
|
||||
|
||||
Args:
|
||||
token: 待验证的 Token
|
||||
expected_token: 期望的 Token
|
||||
|
||||
Returns:
|
||||
是否匹配
|
||||
"""
|
||||
if not token or not expected_token:
|
||||
return False
|
||||
|
||||
return token == expected_token
|
||||
|
||||
|
||||
def format_log_message(message: str, level: str = "INFO") -> str:
|
||||
"""
|
||||
格式化日志消息
|
||||
|
||||
Args:
|
||||
message: 原始消息
|
||||
level: 日志级别
|
||||
|
||||
Returns:
|
||||
格式化后的消息
|
||||
"""
|
||||
return f"[Danding_QqPush] [{level}] {message}"
|
||||
"""工具函数模块"""
|
||||
import secrets
|
||||
import string
|
||||
|
||||
|
||||
def generate_token(length: int = 16, prefix: str = "danding-") -> str:
|
||||
"""
|
||||
生成随机 Token
|
||||
|
||||
Args:
|
||||
length: 随机部分长度
|
||||
prefix: Token 前缀
|
||||
|
||||
Returns:
|
||||
生成的 Token
|
||||
"""
|
||||
# 生成随机字符串(字母和数字)
|
||||
alphabet = string.ascii_letters + string.digits
|
||||
random_part = ''.join(secrets.choice(alphabet) for _ in range(length))
|
||||
|
||||
return f"{prefix}{random_part}"
|
||||
|
||||
|
||||
def validate_token(token: str, expected_token: str) -> bool:
|
||||
"""
|
||||
验证 Token 是否正确
|
||||
|
||||
Args:
|
||||
token: 待验证的 Token
|
||||
expected_token: 期望的 Token
|
||||
|
||||
Returns:
|
||||
是否匹配
|
||||
"""
|
||||
if not token or not expected_token:
|
||||
return False
|
||||
|
||||
return secrets.compare_digest(token.encode(), expected_token.encode())
|
||||
|
||||
|
||||
def format_log_message(message: str, level: str = "INFO") -> str:
|
||||
"""
|
||||
格式化日志消息
|
||||
|
||||
Args:
|
||||
message: 原始消息
|
||||
level: 日志级别
|
||||
|
||||
Returns:
|
||||
格式化后的消息
|
||||
"""
|
||||
return f"[Danding_QqPush] [{level}] {message}"
|
||||
|
||||
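Review bot: In the `compare_digest` version of `validate_token`, `token.encode()` can raise `UnicodeEncodeError` before the comparison runs, because a `str` holding a lone surrogate (which `json.loads` yields for an escaped `\ud800`) is not encodable as strict UTF-8. The callers are not visible on this page, so whether a request-supplied token can arrive that way is an assumption to check; if it can, a malformed value becomes an unhandled exception instead of `False`. Encoding both sides with the `surrogatepass` handler keeps the comparison exact and never raises for a `str`: `return secrets.compare_digest(token.encode("utf-8", "surrogatepass"), expected_token.encode("utf-8", "surrogatepass"))`. The docstring still only says it checks whether the token matches; a line such as `# constant-time compare on purpose: do not simplify back to ==` would stop a later cleanup from reverting it.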