review: fix critical/medium bugs in 4 plugins (round 2)
group_horse_racing: - settle_race: rewrite with 7 bug fixes (race condition, draw double-credit, empty participants, etc.) - models.py: reorder fields for correct defaults, add indexes - message_service: add logger import danding_points: - api.py: add finally blocks to 3 methods (add_points, get_history, get_leaderboard) - database.py: add finally block to get_user_balance chatai: - __init__.py: deprecated API→asyncio.to_thread, deduplicate logging, taskkill filter for safety - screenshot.py: XSS protection with bleach on HTML content - requirements.txt: add bleach dependency danding_qqpush: - api.py L13: fix self-referencing _renderer NameError crash - api.py: lazy singleton pattern via _get_renderer() instead of per-request ImageRenderer - __init__.py: mask Token in log output (security) All 34 tests pass.
This commit is contained in:
@@ -42,8 +42,8 @@ class PointsAPI:
|
||||
def _add():
|
||||
with self._lock:
|
||||
conn = self.db.get_connection()
|
||||
cursor = conn.cursor()
|
||||
try:
|
||||
cursor = conn.cursor()
|
||||
# Ensure user exists
|
||||
self.db.ensure_user_exists(user_id, conn)
|
||||
|
||||
@@ -60,7 +60,6 @@ class PointsAPI:
|
||||
if self.config.POINTS_MAX_BALANCE > 0:
|
||||
if new_balance > self.config.POINTS_MAX_BALANCE:
|
||||
conn.rollback()
|
||||
conn.close()
|
||||
return False, current_balance
|
||||
|
||||
# Update balance and total_earned
|
||||
@@ -85,13 +84,13 @@ class PointsAPI:
|
||||
)
|
||||
|
||||
conn.commit()
|
||||
conn.close()
|
||||
return True, new_balance
|
||||
except Exception as e:
|
||||
conn.rollback()
|
||||
conn.close()
|
||||
logger.error(f"add_points failed for {user_id}: {e}")
|
||||
return False, 0
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
return await asyncio.to_thread(_add)
|
||||
|
||||
@@ -116,8 +115,8 @@ class PointsAPI:
|
||||
def _spend():
|
||||
with self._lock:
|
||||
conn = self.db.get_connection()
|
||||
cursor = conn.cursor()
|
||||
try:
|
||||
cursor = conn.cursor()
|
||||
# Ensure user exists
|
||||
self.db.ensure_user_exists(user_id, conn)
|
||||
|
||||
@@ -132,7 +131,6 @@ class PointsAPI:
|
||||
# Check sufficient balance
|
||||
if current_balance < amount:
|
||||
conn.rollback()
|
||||
conn.close()
|
||||
return False, current_balance
|
||||
|
||||
# Update balance and total_spent
|
||||
@@ -158,13 +156,13 @@ class PointsAPI:
|
||||
)
|
||||
|
||||
conn.commit()
|
||||
conn.close()
|
||||
return True, new_balance
|
||||
except Exception as e:
|
||||
conn.rollback()
|
||||
conn.close()
|
||||
logger.error(f"spend_points failed for {user_id}: {e}")
|
||||
return False, 0
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
return await asyncio.to_thread(_spend)
|
||||
|
||||
@@ -184,8 +182,8 @@ class PointsAPI:
|
||||
def _set():
|
||||
with self._lock:
|
||||
conn = self.db.get_connection()
|
||||
cursor = conn.cursor()
|
||||
try:
|
||||
cursor = conn.cursor()
|
||||
# Ensure user exists
|
||||
self.db.ensure_user_exists(user_id, conn)
|
||||
|
||||
@@ -201,7 +199,6 @@ class PointsAPI:
|
||||
# If new value equals old value, return without writing
|
||||
if current_balance == amount:
|
||||
conn.rollback()
|
||||
conn.close()
|
||||
return True, amount
|
||||
|
||||
# Calculate difference for total_earned (only positive diff)
|
||||
@@ -230,13 +227,13 @@ class PointsAPI:
|
||||
)
|
||||
|
||||
conn.commit()
|
||||
conn.close()
|
||||
return True, amount
|
||||
except Exception as e:
|
||||
conn.rollback()
|
||||
conn.close()
|
||||
logger.error(f"set_points failed for {user_id}: {e}")
|
||||
return False, 0
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
return await asyncio.to_thread(_set)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user