fix: 5 个安全/正确性问题(第二轮)

1. (High) user_id NOT NULL 导致 add 任务失败
   → ALTER TABLE 加 DEFAULT '', DROP NOT NULL
2. (High) 调度器任务卡住阻塞后续
   → timeout(120s) + kill_on_drop
3. (Medium) 多实例重复执行
   → SELECT ... FOR UPDATE SKIP LOCKED
4. (Medium) SQL 注入(字符串拼接)
   → psql -v 参数化 (:name, :cmd, :interval)
5. (Medium) 非工具对话 usage 未记录
   → consume() 改为 &mut self,消费后再读 usage
This commit is contained in:
2026-06-02 11:03:31 +08:00
parent 5602b08faf
commit 6dd12425d6
5 changed files with 33 additions and 21 deletions
+4 -2
View File
@@ -598,7 +598,9 @@ async fn generate_reply(
user_text: String,
db: &Option<Arc<Database>>,
) -> Result<String, String> {
let handle = conv.chat(user_text).await?;
let mut handle = conv.chat(user_text).await?;
// 先消费流(usage 在 Done chunk 中才可用)
let reply = handle.consume().await?;
if let Some(u) = handle.get_usage() {
info!(
"📊 Token: {} 总 / {} 提示 / {} 生成 | 缓存命中 {} | 缓存未命中 {}",
@@ -610,7 +612,7 @@ async fn generate_reply(
);
store_usage(db, "", conv.model(), conv.provider_name(), u).await;
}
handle.consume().await
Ok(reply)
}
async fn generate_reply_with_tools(