feat(backend): harden task boundaries

2026-06-17 05:56:29 +00:00 · 2026-05-05 00:55:29 +08:00
parent 817540f8a0
commit e243dccfd7
15 changed files with 694 additions and 147 deletions
@@ -1,7 +1,7 @@
 from datetime import datetime
 from typing import TYPE_CHECKING

-from sqlalchemy import Boolean, DateTime, ForeignKey, Index, String, Text
+from sqlalchemy import Boolean, DateTime, ForeignKey, Index, String, Text, UniqueConstraint
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 from sqlalchemy.sql import func

@@ -23,6 +23,12 @@ class CheckInTask(Base):
        index=True,
        comment="用户 ID",
    )
+    thread_id: Mapped[str | None] = mapped_column(
+        String(100),
+        index=True,
+        nullable=True,
+        comment="接龙项目 ID",
+    )
    payload_config: Mapped[str] = mapped_column(
        Text,
        default="{}",
@@ -57,6 +63,7 @@ class CheckInTask(Base):
    # 添加索引：加速查询
    __table_args__ = (
        Index("ix_task_user_active", "user_id", "is_active"),
+        UniqueConstraint("user_id", "thread_id", name="uq_task_user_thread_id"),
        Index("ix_task_cron", "cron_expression"),  # 加速查询启用了定时打卡的任务
    )

@@ -1,6 +1,6 @@
 from datetime import datetime, timezone

-from sqlalchemy import create_engine, event
+from sqlalchemy import DateTime, create_engine, event, inspect
 from sqlalchemy.orm import DeclarativeBase, sessionmaker

 from backend.config import settings
@@ -24,21 +24,23 @@ class Base(DeclarativeBase):
@event.listens_for(Base, "load", propagate=True)
 def receive_load(target, context):
    """在从数据库加载对象后，将所有 datetime 字段转换为 timezone-aware (UTC)"""
-    for attr_name in dir(target):
-        # 跳过私有属性和方法
-        if attr_name.startswith("_"):
+    mapper = inspect(target).mapper
+    for attr in mapper.column_attrs:
+        column = attr.columns[0]
+        if not isinstance(column.type, DateTime):
            continue

        try:
-            attr_value = getattr(target, attr_name)
-
-            # 如果是 naive datetime，添加 UTC timezone
-            if isinstance(attr_value, datetime) and attr_value.tzinfo is None:
-                setattr(target, attr_name, attr_value.replace(tzinfo=timezone.utc))
+            attr_value = getattr(target, attr.key)
        except (AttributeError, TypeError):
-            # 某些属性可能无法访问或设置，跳过
            continue

+        if isinstance(attr_value, datetime) and attr_value.tzinfo is None:
+            try:
+                setattr(target, attr.key, attr_value.replace(tzinfo=timezone.utc))
+            except (AttributeError, TypeError):
+                continue
+

 def get_db():
    """依赖注入：获取数据库会话"""