xia.silei/DanDingNoneBot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
101 Commits 2 Branches 0 Tags
8d26c463236a6fe74d69f005aac9bda09f42f512
Commit Graph

5 Commits

Author SHA1 Message Date
Mr.Xia
1b484d7fda fix: 修复 damo_balance 引号语法错误及 chatai bleach 缺失依赖 
- damo_balance/__init__.py: 将外层字符串改为单引号,消除内嵌双引号引起的 SyntaxError
- chatai/screenshot.py: bleach 改为 try/except 可选导入,无 bleach 时降级跳过 HTML 净化
- requirements.txt: 补充 openai>=1.0.0 与 pyppeteer>=1.0.2 依赖声明
 2026-05-11 22:43:27 +08:00
Mr.Xia
c62ac37611 review: fix critical/medium bugs in 4 plugins (round 2) 
group_horse_racing:
- settle_race: rewrite with 7 bug fixes (race condition, draw double-credit, empty participants, etc.)
- models.py: reorder fields for correct defaults, add indexes
- message_service: add logger import

danding_points:
- api.py: add finally blocks to 3 methods (add_points, get_history, get_leaderboard)
- database.py: add finally block to get_user_balance

chatai:
- __init__.py: deprecated API→asyncio.to_thread, deduplicate logging, taskkill filter for safety
- screenshot.py: XSS protection with bleach on HTML content
- requirements.txt: add bleach dependency

danding_qqpush:
- api.py L13: fix self-referencing _renderer NameError crash
- api.py: lazy singleton pattern via _get_renderer() instead of per-request ImageRenderer
- __init__.py: mask Token in log output (security)

All 34 tests pass.
 2026-05-10 00:30:22 +08:00
Mr.Xia
e28d871940 fix(chatai): 安全修复+代码质量改进 
- _force_kill_chrome: 仅kill带--remote-debugging-port的headless chrome
- AI API: 添加60s timeout + run_in_executor避免阻塞事件循环
- AI系统提示抽取为常量
- markdown转图片: 移除错误的html.escape前置
- screenshot: 等待渲染完成替代固定sleep
- 错误信息不再暴露异常详情给用户
 2026-05-09 23:48:54 +08:00
Mr.Xia
c01338f496 refactor(plugins): comprehensive code review - ~35 fixes across 14 plugins 
Phase 1 - Plugin code review (14/14 plugins):
- Security: 3x token leak in print→logger.debug, Bearer prefix handling
- Bug: bare except→specific exceptions, HorseState type safety, sync→async
- Critical: response_model undefined, route dead code, sync blocking event loop
- Quality: 11x print()→logger, variable name shadowing, consistent logging

Phase 2 - Deep analysis:
- Fix: payout int truncation→max(1, round(amount*odds))
- Fix: room_store get_lock race condition→dict.setdefault()
- Verify: data_manager f-string SQL is safe (uses ? placeholders)

Infrastructure: review reports generated for all plugins.
 2026-05-09 23:22:28 +08:00
XiaM-Admin
4a944316fe 首次提交 2025-12-26 22:41:42 +08:00