refactor(plugins): comprehensive code review - ~35 fixes across 14 plugins

Phase 1 - Plugin code review (14/14 plugins): - Security: 3x token leak in print→logger.debug, Bearer prefix handling - Bug: bare except→specific exceptions, HorseState type safety, sync→async - Critical: response_model undefined, route dead code, sync blocking event loop - Quality: 11x print()→logger, variable name shadowing, consistent logging Phase 2 - Deep analysis: - Fix: payout int truncation→max(1, round(amount*odds)) - Fix: room_store get_lock race condition→dict.setdefault() - Verify: data_manager f-string SQL is safe (uses ? placeholders) Infrastructure: review reports generated for all plugins.
2026-05-09 23:22:28 +08:00
parent 9a8cb3ad6d
commit c01338f496
43 changed files with 4233 additions and 3645 deletions
--- a/review_reports/danding_qqpush_review.md
+++ b/review_reports/danding_qqpush_review.md
@@ -0,0 +1,53 @@
+# danding_qqpush 评审报告
+
+## 修复前问题清单 (5项)
+
+| # | 严重度 | 问题 | 文件 |
+|---|--------|------|------|
+| 1 | **严重** | `init_bot()` 在模块加载时调用，bot尚未连接必然失败 | __init__.py |
+| 2 | **中** | PIL 图片渲染在 async handler 中同步执行，阻塞 event loop | api.py |
+| 3 | **中** | Token 硬编码默认值 `"danding-8HkL9xQ2"` 泄露安全隐患 | config.py |
+| 4 | **低** | `get_bot()` 中 silent except 吞没错误，调试困难 | sender.py |
+| 5 | **低** | `validate_token` 使用 `==` 比较，存在时序攻击风险 | utils.py |
+
+## 修复内容
+
+### __init__.py
+- 移除模块级 `init_bot()` 调用
+- 改为 `@driver.on_bot_connect` 异步钩子，确保 bot 就绪后再初始化
+- 移除未使用的 `get_bots` 导入
+
+### api.py
+- PIL `render_to_base64()` 包装为 `asyncio.to_thread()`，避免阻塞事件循环
+- 添加 `import asyncio`
+
+### config.py
+- Token 默认值改为空字符串，强制用户配置
+- `FontPaths` 列表默认值改为 tuple，符合 Pydantic 最佳实践
+
+### sender.py
+- 添加 `logger` 导入
+- `get_bot()` 的 silent except 改为 `logger.warning()` 记录异常
+
+### utils.py
+- `validate_token` 改用 `secrets.compare_digest()` 防时序攻击
+
+## 修复后验证 (12/12 ✓)
+
+| 检查项 | 结果 |
+|--------|------|
+| init: on_bot_connect hook | ✓ |
+| init: no module-level init_bot() | ✓ |
+| init: model_dump not .dict() | ✓ |
+| api: asyncio.to_thread for PIL | ✓ |
+| api: asyncio import | ✓ |
+| config: no hardcoded token | ✓ |
+| config: FontPaths is tuple | ✓ |
+| sender: logger import | ✓ |
+| sender: no silent except | ✓ |
+| sender: logger.warning in get_bot | ✓ |
+| utils: secrets.compare_digest | ✓ |
+| text_parser: validate_text exists | ✓ |
+
+## 代码质量总结
+修复后评级：**B+** (架构清晰，安全问题已修复，async处理合理)