refactor(plugins): comprehensive code review - ~35 fixes across 14 plugins

Phase 1 - Plugin code review (14/14 plugins): - Security: 3x token leak in print→logger.debug, Bearer prefix handling - Bug: bare except→specific exceptions, HorseState type safety, sync→async - Critical: response_model undefined, route dead code, sync blocking event loop - Quality: 11x print()→logger, variable name shadowing, consistent logging Phase 2 - Deep analysis: - Fix: payout int truncation→max(1, round(amount*odds)) - Fix: room_store get_lock race condition→dict.setdefault() - Verify: data_manager f-string SQL is safe (uses ? placeholders) Infrastructure: review reports generated for all plugins.
2026-05-09 23:22:28 +08:00
parent 9a8cb3ad6d
commit c01338f496
43 changed files with 4233 additions and 3645 deletions
--- a/review_reports/chatai_review.md
+++ b/review_reports/chatai_review.md
@@ -0,0 +1,40 @@
+# chatai 评审报告
+
+## 修复前问题清单 (9项)
+
+| # | 严重度 | 问题 | 文件 |
+|---|--------|------|------|
+| 1 | **致命** | 模块导入即执行`force_kill_chrome()`，杀死系统所有Chrome进程 | __init__.py:59 |
+| 2 | **高** | 裸`except:`吞掉所有异常(3处) | __init__.py:55,84,182 |
+| 3 | **高** | markdown输出直接注入HTML模板，存在XSS风险 | screenshot.py:9 |
+| 4 | **高** | `create_task`未保存引用，task可能被GC回收 | __init__.py:170 |
+| 5 | **高** | `os._exit(0)`绕过所有清理逻辑 | __init__.py:70 |
+| 6 | **中** | 用`threading.Lock`保护async对象(应用`asyncio.Lock`) | __init__.py:34 |
+| 7 | **中** | 图片路径硬编码`output.png`，并发请求互相覆盖 | __init__.py:163 |
+| 8 | **中** | 每次API调用创建新OpenAI client | __init__.py:121 |
+| 9 | **低** | 未使用导入: `types`/`T_State`/`signal`/`atexit`/`threading`/`subprocess`(部分) | __init__.py |
+
+## 修复内容
+
+### __init__.py (重写)
+- 移除模块级`force_kill_chrome()`，改为`@driver.on_startup`延迟执行
+- 移除`signal`/`atexit`/`threading`/`os._exit`，使用NoneBot生命周期管理
+- `threading.Lock` → `asyncio.Lock`
+- 裸`except:` → `except Exception` + 日志
+- `create_task` → `_recall_tasks`集合 + `add_done_callback`
+- OpenAI client → 单例`_get_ai_client()`
+- 图片路径 → `f"data/chatai/output_{event.message_id}.png"`，发送后清理
+- `except FinishedException: pass` → `raise`（不可吞）
+
+### screenshot.py (重构)
+- `html.escape()`防XSS后用`markdown.markdown()`转换
+- 变量名`html` → `html_content`避免冲突
+- `page`提前初始化为`None`，`locals()`检查 → 直接变量检查
+- 资源清理加`try/except`防止二次异常
+- `from pyppeteer import launch`延迟导入到需要时
+
+### config.py (不变)
+- 无问题，保持原样
+
+### chrome_manager.py (不变)
+- 独立脚本，无安全问题