237899745/zsglpt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

安全修复: 收敛认证与日志风险并补充基础测试

Browse Source
This commit is contained in:
yuyx
2026-02-16 00:34:52 +08:00
parent 7627885b1b
commit 7d42f96e42
12 changed files with 163 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
app.py
View File

@@ -49,12 +49,13 @@ from services.tasks import get_task_scheduler
# 设置时区为中国标准时间CST, UTC+8
os.environ["TZ"] = "Asia/Shanghai"
_TZSET_ERROR = None
try:
import time as _time
_time.tzset()
except Exception:
pass
except Exception as e:
_TZSET_ERROR = e
def _sigchld_handler(signum, frame):
@@ -116,6 +117,8 @@ except Exception as socketio_error:
init_logging(log_level=config.LOG_LEVEL, log_file=config.LOG_FILE)
logger = get_logger("app")
if _TZSET_ERROR is not None:
logger.warning(f"设置时区失败,将继续使用系统默认时区: {_TZSET_ERROR}")
if _socketio_fallback_reason:
logger.warning(f"[SocketIO] 初始化失败,已回退 threading 模式: {_socketio_fallback_reason}")
logger.info(f"[SocketIO] 当前 async_mode: {socketio.async_mode}")
@@ -139,15 +142,15 @@ def _request_uses_https() -> bool:
try:
if bool(request.is_secure):
return True
except Exception:
pass
except Exception as e:
logger.debug(f"检查 request.is_secure 失败: {e}")
try:
forwarded_proto = str(request.headers.get("X-Forwarded-Proto", "") or "").split(",", 1)[0].strip().lower()
if forwarded_proto == "https":
return True
except Exception:
pass
except Exception as e:
logger.debug(f"检查 X-Forwarded-Proto 失败: {e}")
return False
@@ -255,8 +258,8 @@ def _record_request_metric_after_response(response) -> None:
logger.warning(
f"[API-DIAG] {method} {path} -> {status_code} ({duration_ms:.1f}ms)"
)
except Exception:
pass
except Exception as e:
logger.debug(f"记录请求指标失败: {e}")
@app.after_request
@@ -312,12 +315,12 @@ def serve_static(filename):
# 协商缓存:确保存在 ETag并基于 If-None-Match/If-Modified-Since 返回 304
try:
response.add_etag(overwrite=False)
except Exception:
pass
except Exception as e:
logger.debug(f"静态资源 ETag 设置失败({filename}): {e}")
try:
response.make_conditional(request)
except Exception:
pass
except Exception as e:
logger.debug(f"静态资源协商缓存处理失败({filename}): {e}")
response.headers.setdefault("Vary", "Accept-Encoding")
if is_hashed_asset:
@@ -341,33 +344,33 @@ def cleanup_on_exit():
for acc in accounts.values():
if getattr(acc, "is_running", False):
acc.should_stop = True
except Exception:
pass
except Exception as e:
logger.warning(f"停止运行中任务失败: {e}")
logger.info("- 停止任务调度器...")
try:
scheduler = get_task_scheduler()
scheduler.shutdown(timeout=5)
except Exception:
pass
except Exception as e:
logger.warning(f"停止任务调度器失败: {e}")
logger.info("- 关闭截图线程池...")
try:
shutdown_browser_worker_pool()
except Exception:
pass
except Exception as e:
logger.warning(f"关闭截图线程池失败: {e}")
logger.info("- 关闭邮件队列...")
try:
email_service.shutdown_email_queue()
except Exception:
pass
except Exception as e:
logger.warning(f"关闭邮件队列失败: {e}")
logger.info("- 关闭数据库连接池...")
try:
db_pool._pool.close_all() if db_pool._pool else None
except Exception:
pass
except Exception as e:
logger.warning(f"关闭数据库连接池失败: {e}")
logger.info("[OK] 资源清理完成")
@@ -464,7 +467,7 @@ def _log_startup_urls() -> None:
logger.info("服务器启动中...")
logger.info(f"用户访问地址: http://{config.SERVER_HOST}:{config.SERVER_PORT}")
logger.info(f"后台管理地址: http://{config.SERVER_HOST}:{config.SERVER_PORT}/yuyx")
logger.info("默认管理员: admin (首次运行随机密码见日志)")
logger.info("默认管理员: admin (首次运行密码写入 data/default_admin_credentials.txt)")
logger.info("=" * 60)