refactor(backend): optimize database safety, validator performance, and scheduler concurrency

- Fix SQL injection risks in proxy_repo and task_repo - Atomic acquire_pending with UPDATE ... RETURNING - Reuse aiohttp ClientSession in ValidatorService - Replace polling with asyncio.Event in SchedulerService - Optimize ValidationQueue.drain with asyncio.Condition - Concurrent plugin crawling with asyncio.gather - Unify ProxyRaw model import path - Fix test baseline and remove tracked __pycache__ files
2026-04-04 14:43:31 +08:00
parent abb8b32ed3
commit 635c524a7e
27 changed files with 103 additions and 89 deletions
--- a/app/repositories/proxy_repo.py
+++ b/app/repositories/proxy_repo.py
@@ -190,7 +190,12 @@ class ProxyRepository:
            params.append(max_score)

        where_clause = " AND ".join(conditions)
-        order_clause = f"{sort_by} {sort_order}"
+        allowed_sort_by = {"ip", "port", "protocol", "score", "last_check"}
+        allowed_sort_order = {"ASC", "DESC"}
+        if sort_by not in allowed_sort_by or sort_order.upper() not in allowed_sort_order:
+            order_clause = "last_check DESC"
+        else:
+            order_clause = f"{sort_by} {sort_order.upper()}"
        offset = (page - 1) * page_size

        count_query = f"SELECT COUNT(*) FROM proxies WHERE {where_clause}"
@@ -268,7 +273,8 @@ class ProxyRepository:
    async def clean_expired(db: aiosqlite.Connection, days: int) -> int:
        try:
            await db.execute(
-                "DELETE FROM proxies WHERE last_check < datetime('now', '-{} days')".format(days)
+                "DELETE FROM proxies WHERE last_check < datetime('now', '-' || ? || ' days')",
+                (days,),
            )
            await db.commit()
            return db.total_changes