xia.silei/DanDingNoneBot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
99 Commits 2 Branches 0 Tags
29ae3695af81f6c9f28cd38f15be8c0830f14b43
Commit Graph

5 Commits

Author SHA1 Message Date
Mr.Xia
c2ba9d2f74 fix(qqpush): 修复token配置读取导致的404 2026-05-27 17:25:31 +08:00
Mr.Xia
c62ac37611 review: fix critical/medium bugs in 4 plugins (round 2) 
group_horse_racing:
- settle_race: rewrite with 7 bug fixes (race condition, draw double-credit, empty participants, etc.)
- models.py: reorder fields for correct defaults, add indexes
- message_service: add logger import

danding_points:
- api.py: add finally blocks to 3 methods (add_points, get_history, get_leaderboard)
- database.py: add finally block to get_user_balance

chatai:
- __init__.py: deprecated API→asyncio.to_thread, deduplicate logging, taskkill filter for safety
- screenshot.py: XSS protection with bleach on HTML content
- requirements.txt: add bleach dependency

danding_qqpush:
- api.py L13: fix self-referencing _renderer NameError crash
- api.py: lazy singleton pattern via _get_renderer() instead of per-request ImageRenderer
- __init__.py: mask Token in log output (security)

All 34 tests pass.
 2026-05-10 00:30:22 +08:00
Mr.Xia
f240ba2882 perf+fix(danding_qqpush): perf优化+安全修复+代码DRY 
- image_render: cached draw object, font.getlength() 替代逐字符创建临时Image
- image_render: 移除PNG无效的quality参数
- api.py: ImageRenderer单例复用(避免每请求重载字体)
- api.py: 异常详情不再泄露到API响应
- sender.py: 提取_send_msg()消除重复代码
 2026-05-09 23:46:44 +08:00
Mr.Xia
c01338f496 refactor(plugins): comprehensive code review - ~35 fixes across 14 plugins 
Phase 1 - Plugin code review (14/14 plugins):
- Security: 3x token leak in print→logger.debug, Bearer prefix handling
- Bug: bare except→specific exceptions, HorseState type safety, sync→async
- Critical: response_model undefined, route dead code, sync blocking event loop
- Quality: 11x print()→logger, variable name shadowing, consistent logging

Phase 2 - Deep analysis:
- Fix: payout int truncation→max(1, round(amount*odds))
- Fix: room_store get_lock race condition→dict.setdefault()
- Verify: data_manager f-string SQL is safe (uses ? placeholders)

Infrastructure: review reports generated for all plugins.
 2026-05-09 23:22:28 +08:00
XiaM-Admin
dedc872f1b 功能:通过 HTTP API 实现 Danding_QqPush 插件,用于 QQ 群通知 
- 增加了通过外部 HTTP API 向 QQ 群组发送消息的核心功能。
- 实现了对长文本消息的图片渲染,以避免被认定为垃圾信息。
- 支持在消息中提及特定的 QQ 用户。
- 创建了用于 API 令牌和图片渲染设置的配置选项。
- 开发了一个测试脚本以验证 API 功能。
- 对现有代码进行了重构,以提高组织性和可维护性。
 2026-01-20 21:19:05 +08:00