安全与质量修复: P0-4/P0-5 + P1-6~P1-13 (8项)
P0-4: install.py _write_env() 值加引号转义,防止含#$\等字符的密码破坏.env格式 P0-5: install.py _build_redis_url() URL编码redis密码,防止@:等字符破坏URL解析 P1-6: auth_service.py _decode_access_token() 验证exp/sub声明存在,拒绝畸形JWT P1-7: websocket.py + webssh.py WebSocket JWT验证增加updated_at检查,密码修改后令牌失效 P1-8: auth.py 无refresh_token的logout返回更明确的提示信息 P1-9: install.py create_admin增加_is_installed()检查,防止.env存在后重复创建 P1-10: servers.py server_stats() 改用SQL聚合查询,避免加载全部服务器对象 P1-11: heartbeat_flush.py 移除get_redis()永不返回None的死代码 P1-13: sync_engine_v2.py completed/failed计数器加asyncio.Lock防止并发竞态 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -35,9 +35,6 @@ async def heartbeat_flush_loop():
|
||||
await asyncio.sleep(FLUSH_INTERVAL)
|
||||
|
||||
redis = get_redis()
|
||||
if redis is None:
|
||||
logger.warning("Redis unavailable — skip heartbeat flush")
|
||||
continue
|
||||
|
||||
# Scan all heartbeat:* keys
|
||||
try:
|
||||
|
||||
Reference in New Issue
Block a user