review: fix critical/medium bugs in 4 plugins (round 2)

group_horse_racing: - settle_race: rewrite with 7 bug fixes (race condition, draw double-credit, empty participants, etc.) - models.py: reorder fields for correct defaults, add indexes - message_service: add logger import danding_points: - api.py: add finally blocks to 3 methods (add_points, get_history, get_leaderboard) - database.py: add finally block to get_user_balance chatai: - __init__.py: deprecated API→asyncio.to_thread, deduplicate logging, taskkill filter for safety - screenshot.py: XSS protection with bleach on HTML content - requirements.txt: add bleach dependency danding_qqpush: - api.py L13: fix self-referencing _renderer NameError crash - api.py: lazy singleton pattern via _get_renderer() instead of per-request ImageRenderer - __init__.py: mask Token in log output (security) All 34 tests pass.
2026-05-10 00:30:22 +08:00
parent f61465a95b
commit c62ac37611
11 changed files with 183 additions and 148 deletions
--- a/danding_bot/plugins/group_horse_racing/commands/shared.py
+++ b/danding_bot/plugins/group_horse_racing/commands/shared.py
@@ -234,67 +234,62 @@ async def settle_race(room: Room) -> tuple[RaceResult, dict[str, float]] | None:
    if not champion:
        return None

-    user_ids = set()
+    odds = calculate_odds(room)
+
+    # Collect all affected user IDs
+    user_ids: set[str] = set()
    for horse in room.horses.values():
        user_ids.add(horse.owner_id)
-    for horse in room.horses.values():
-        for bet in horse.bets:
-            user_ids.add(bet.user_id)
-    
-    pre_balances = {}
+    for bet in room.bets:
+        user_ids.add(bet.user_id)
+
+    # Record pre-balances
+    pre_balances: dict[str, int] = {}
    for uid in user_ids:
-        balance = await points_service.get_balance(uid)
-        pre_balances[uid] = balance if balance is not None else 0
+        pre_balances[uid] = points_service.get_balance(uid)

-    participant_points = config.PARTICIPANT_REWARD
+    # 1. Reward all participants
    for horse in room.horses.values():
-        ret, code = await points_service.reward_participant(horse.owner_id, participant_points)
-        if not ret and code != POINTS_ERR_CODE_DUPLICATE:
-            logger.warning(f"reward_participant failed for {horse.owner_id}: code={code}")
+        try:
+            await points_service.reward_participant(horse.owner_id)
+        except Exception as e:
+            logger.warning(f"reward_participant failed for {horse.owner_id}: {e}")

-    champion_points = config.CHAMPION_REWARD
-    ret, code = await points_service.reward_champion(champion.owner_id, champion_points)
-    if not ret and code != POINTS_ERR_CODE_DUPLICATE:
-        logger.warning(f"reward_champion failed for {champion.owner_id}: code={code}")
+    # 2. Champion bonus
+    try:
+        await points_service.reward_champion(champion.owner_id)
+    except Exception as e:
+        logger.warning(f"reward_champion failed for {champion.owner_id}: {e}")

-    all_bets = []
-    for horse_name, horse in room.horses.items():
-        all_bets.extend(horse.bets)
+    # 3. Bet payouts for winners
+    for bet in room.bets:
+        if bet.horse_name == room.champion_name:
+            try:
+                await points_service.payout_winnings(
+                    bet.user_id, bet.amount, odds.get(bet.horse_name, config.MIN_ODDS)
+                )
+            except Exception as e:
+                logger.warning(f"payout_winnings failed for {bet.user_id}: {e}")

-    total_bet = sum(bet.amount for bet in all_bets)
-    if total_bet == 0:
-        odds = {}
-    else:
-        odds = {}
-        for horse_name, horse in room.horses.items():
-            horse_bet = sum(bet.amount for bet in horse.bets)
-            if horse_bet == 0:
-                odds[horse_name] = config.MAX_ODDS
-            else:
-                odds[horse_name] = max(config.MIN_ODDS, total_bet / horse_bet)
-
-    champion_bets = room.horses[room.champion_name].bets
-    for bet in champion_bets:
-        win_amount = int(bet.amount * odds[room.champion_name])
-        ret, code = await points_service.payout_winnings(bet.user_id, win_amount)
-        if not ret and code != POINTS_ERR_CODE_DUPLICATE:
-            logger.warning(f"payout_winnings failed for {bet.user_id}: code={code}")
-
-    post_balances = {}
+    # Record post-balances and compute deltas
+    post_balances: dict[str, int] = {}
    for uid in user_ids:
-        balance = await points_service.get_balance(uid)
-        post_balances[uid] = balance if balance is not None else 0
-    
-    point_changes = {}
+        post_balances[uid] = points_service.get_balance(uid)
+
+    point_changes: dict[str, int] = {}
    for uid in user_ids:
        delta = post_balances[uid] - pre_balances[uid]
        if delta != 0:
            point_changes[uid] = delta

+    # Build human-readable summaries
+    _, point_change_summaries = _build_point_changes(room, odds)
+
    result = RaceResult(
        champion_name=room.champion_name,
-        finishing_order=[name for name in room.finishing_order if name in room.horses],
-        point_changes=point_changes
+        champion_owner=champion.owner_id,
+        point_changes=point_changes,
+        point_change_summaries=point_change_summaries,
    )
    return result, odds