修复高优先级安全和稳定性问题

1. app.py: - 添加user_semaphores_lock线程锁，修复get_user_semaphore竞态条件 - 将9处裸except:改为except Exception:或具体异常类型 2. database.py: - 将3处裸except:改为except Exception: 3. email_service.py: - 添加_smtp_config_lock线程锁 - 修复daily_sent计数竞态条件：获取配置时预增，失败时回退 - _get_available_smtp_config和_get_next_available_smtp_config使用锁保护 🤖 Generated with Claude Code
2025-12-12 15:04:58 +08:00
parent 8b1014b922
commit b15e6f2af0
3 changed files with 129 additions and 94 deletions
--- a/email_service.py
+++ b/email_service.py
@@ -78,6 +78,9 @@ QUEUE_MAX_SIZE = int(os.environ.get('EMAIL_QUEUE_MAX_SIZE', '100'))
 # 为安全起见，设置为10MB，超过则分批发送
 MAX_ATTACHMENT_SIZE = int(os.environ.get('EMAIL_MAX_ATTACHMENT_SIZE', str(10 * 1024 * 1024)))  # 10MB

+# SMTP配置获取锁（防止并发获取时竞态条件导致超过每日限额）
+_smtp_config_lock = threading.Lock()
+

 # ============ 数据库操作 ============

@@ -500,80 +503,97 @@ def set_primary_smtp_config(config_id: int) -> bool:

 def _get_available_smtp_config(failover: bool = True) -> Optional[Dict[str, Any]]:
    """
-    获取可用的SMTP配置
+    获取可用的SMTP配置（线程安全）
    优先级: 主配置 > 按priority排序的启用配置
+    使用锁保护防止并发获取时超过每日限额
    """
    today = datetime.now().strftime('%Y-%m-%d')

-    with db_pool.get_db() as conn:
-        cursor = conn.cursor()
+    with _smtp_config_lock:  # 使用锁保护整个获取过程
+        with db_pool.get_db() as conn:
+            cursor = conn.cursor()

-        # 先重置过期的每日计数
-        cursor.execute("""
-            UPDATE smtp_configs
-            SET daily_sent = 0, daily_reset_date = ?
-            WHERE daily_reset_date != ? OR daily_reset_date IS NULL OR daily_reset_date = ''
-        """, (today, today))
-        conn.commit()
+            # 先重置过期的每日计数
+            cursor.execute("""
+                UPDATE smtp_configs
+                SET daily_sent = 0, daily_reset_date = ?
+                WHERE daily_reset_date != ? OR daily_reset_date IS NULL OR daily_reset_date = ''
+            """, (today, today))
+            conn.commit()

-        # 获取所有启用的配置，按优先级排序
-        cursor.execute("""
-            SELECT id, name, host, port, username, password, use_ssl, use_tls,
-                   sender_name, sender_email, daily_limit, daily_sent, is_primary
-            FROM smtp_configs
-            WHERE enabled = 1
-            ORDER BY is_primary DESC, priority ASC, id ASC
-        """)
+            # 获取所有启用的配置，按优先级排序
+            cursor.execute("""
+                SELECT id, name, host, port, username, password, use_ssl, use_tls,
+                       sender_name, sender_email, daily_limit, daily_sent, is_primary
+                FROM smtp_configs
+                WHERE enabled = 1
+                ORDER BY is_primary DESC, priority ASC, id ASC
+            """)

-        configs = cursor.fetchall()
+            configs = cursor.fetchall()

-        for row in configs:
-            config_id, name, host, port, username, password, use_ssl, use_tls, \
-                sender_name, sender_email, daily_limit, daily_sent, is_primary = row
+            for row in configs:
+                config_id, name, host, port, username, password, use_ssl, use_tls, \
+                    sender_name, sender_email, daily_limit, daily_sent, is_primary = row

-            # 检查每日限额
-            if daily_limit > 0 and daily_sent >= daily_limit:
-                continue  # 超过限额，跳过此配置
+                # 检查每日限额
+                if daily_limit > 0 and daily_sent >= daily_limit:
+                    continue  # 超过限额，跳过此配置

-            # 解密密码
-            decrypted_password = decrypt_password(password) if password else ''
+                # 预增计数（在返回配置前先占用配额，防止并发超限）
+                # 如果发送失败，_update_smtp_stats会在失败时回退
+                cursor.execute("""
+                    UPDATE smtp_configs
+                    SET daily_sent = daily_sent + 1
+                    WHERE id = ?
+                """, (config_id,))
+                conn.commit()

-            return {
-                'id': config_id,
-                'name': name,
-                'host': host,
-                'port': port,
-                'username': username,
-                'password': decrypted_password,
-                'use_ssl': bool(use_ssl),
-                'use_tls': bool(use_tls),
-                'sender_name': sender_name,
-                'sender_email': sender_email,
-                'is_primary': bool(is_primary)
-            }
+                # 解密密码
+                decrypted_password = decrypt_password(password) if password else ''

-        return None
+                return {
+                    'id': config_id,
+                    'name': name,
+                    'host': host,
+                    'port': port,
+                    'username': username,
+                    'password': decrypted_password,
+                    'use_ssl': bool(use_ssl),
+                    'use_tls': bool(use_tls),
+                    'sender_name': sender_name,
+                    'sender_email': sender_email,
+                    'is_primary': bool(is_primary)
+                }
+
+            return None


 def _update_smtp_stats(config_id: int, success: bool, error: str = ''):
-    """更新SMTP配置的统计信息"""
+    """更新SMTP配置的统计信息
+
+    注意：daily_sent已在_get_available_smtp_config中预增，
+    成功时只更新success_count，失<EFBC8C><E5A4B1>时需要回退daily_sent
+    """
    with db_pool.get_db() as conn:
        cursor = conn.cursor()

        if success:
+            # 成功：只更新成功计数（daily_sent已在获取配置时预增）
            cursor.execute("""
                UPDATE smtp_configs
-                SET daily_sent = daily_sent + 1,
-                    success_count = success_count + 1,
+                SET success_count = success_count + 1,
                    last_success_at = CURRENT_TIMESTAMP,
                    last_error = '',
                    updated_at = CURRENT_TIMESTAMP
                WHERE id = ?
            """, (config_id,))
        else:
+            # 失败：回退daily_sent并更新失败计数
            cursor.execute("""
                UPDATE smtp_configs
-                SET fail_count = fail_count + 1,
+                SET daily_sent = MAX(0, daily_sent - 1),
+                    fail_count = fail_count + 1,
                    last_error = ?,
                    updated_at = CURRENT_TIMESTAMP
                WHERE id = ?
@@ -765,46 +785,59 @@ def send_email(


 def _get_next_available_smtp_config(exclude_ids: List[int]) -> Optional[Dict[str, Any]]:
-    """获取下一个可用的SMTP配置（排除已尝试的）"""
+    """获取下一个可用的SMTP配置（排除已尝试的，线程安全）"""
    today = datetime.now().strftime('%Y-%m-%d')

-    with db_pool.get_db() as conn:
-        cursor = conn.cursor()
+    with _smtp_config_lock:  # 使用锁保护
+        with db_pool.get_db() as conn:
+            cursor = conn.cursor()

-        placeholders = ','.join(['?' for _ in exclude_ids])
-        cursor.execute(f"""
-            SELECT id, name, host, port, username, password, use_ssl, use_tls,
-                   sender_name, sender_email, daily_limit, daily_sent, is_primary
-            FROM smtp_configs
-            WHERE enabled = 1 AND id NOT IN ({placeholders})
-            ORDER BY is_primary DESC, priority ASC, id ASC
-            LIMIT 1
-        """, exclude_ids)
+            placeholders = ','.join(['?' for _ in exclude_ids])
+            cursor.execute(f"""
+                SELECT id, name, host, port, username, password, use_ssl, use_tls,
+                       sender_name, sender_email, daily_limit, daily_sent, is_primary
+                FROM smtp_configs
+                WHERE enabled = 1 AND id NOT IN ({placeholders})
+                ORDER BY is_primary DESC, priority ASC, id ASC
+                LIMIT 1
+            """, exclude_ids)

-        row = cursor.fetchone()
-        if not row:
-            return None
+            row = cursor.fetchone()
+            if not row:
+                return None

-        config_id, name, host, port, username, password, use_ssl, use_tls, \
-            sender_name, sender_email, daily_limit, daily_sent, is_primary = row
+            config_id, name, host, port, username, password, use_ssl, use_tls, \
+                sender_name, sender_email, daily_limit, daily_sent, is_primary = row

-        # 检查每日限额
-        if daily_limit > 0 and daily_sent >= daily_limit:
-            return _get_next_available_smtp_config(exclude_ids + [config_id])
+            # 检查每日限额
+            if daily_limit > 0 and daily_sent >= daily_limit:
+                # 递归调用在锁外进行，避免死锁
+                pass
+            else:
+                # 预增计数
+                cursor.execute("""
+                    UPDATE smtp_configs
+                    SET daily_sent = daily_sent + 1
+                    WHERE id = ?
+                """, (config_id,))
+                conn.commit()

-        return {
-            'id': config_id,
-            'name': name,
-            'host': host,
-            'port': port,
-            'username': username,
-            'password': decrypt_password(password) if password else '',
-            'use_ssl': bool(use_ssl),
-            'use_tls': bool(use_tls),
-            'sender_name': sender_name,
-            'sender_email': sender_email,
-            'is_primary': bool(is_primary)
-        }
+                return {
+                    'id': config_id,
+                    'name': name,
+                    'host': host,
+                    'port': port,
+                    'username': username,
+                    'password': decrypt_password(password) if password else '',
+                    'use_ssl': bool(use_ssl),
+                    'use_tls': bool(use_tls),
+                    'sender_name': sender_name,
+                    'sender_email': sender_email,
+                    'is_primary': bool(is_primary)
+                }
+
+    # 递归调用在锁外进行
+    return _get_next_available_smtp_config(exclude_ids + [config_id])


 def test_smtp_config(config_id: int, test_email: str) -> Dict[str, Any]: