fix: 修复 P0 安全和并发问题

- 修复敏感信息泄露：移除 Drive API 完整响应体打印，只记录状态码 - 修复并发安全问题：升级为 RWMutex，读写分离提升性能 - 修复资源泄漏风险：使用 defer 确保 resp.Body 正确关闭
2026-01-01 15:35:08 +08:00
parent c63192fcb5
commit 1d5e05b8ca
2 changed files with 9 additions and 7 deletions
--- a/backend/internal/pkg/geminicli/drive_client.go
+++ b/backend/internal/pkg/geminicli/drive_client.go
@@ -94,10 +94,12 @@ func (c *driveClient) GetStorageQuota(ctx context.Context, accessToken, proxyURL
 			resp.StatusCode == http.StatusInternalServerError ||
 			resp.StatusCode == http.StatusBadGateway ||
 			resp.StatusCode == http.StatusServiceUnavailable) && attempt < maxRetries-1 {
-			_ = resp.Body.Close()
-			backoff := time.Duration(1<<uint(attempt)) * time.Second
-			jitter := time.Duration(rng.Intn(1000)) * time.Millisecond
-			if err := sleepWithContext(backoff + jitter); err != nil {
+			if err := func() error {
+				defer func() { _ = resp.Body.Close() }()
+				backoff := time.Duration(1<<uint(attempt)) * time.Second
+				jitter := time.Duration(rng.Intn(1000)) * time.Millisecond
+				return sleepWithContext(backoff + jitter)
+			}(); err != nil {
 				return nil, fmt.Errorf("request cancelled: %w", err)
 			}
 			continue
--- a/backend/internal/service/ratelimit_service.go
+++ b/backend/internal/service/ratelimit_service.go
@@ -18,7 +18,7 @@ type RateLimitService struct {
 	usageRepo          UsageLogRepository
 	cfg                *config.Config
 	geminiQuotaService *GeminiQuotaService
-	usageCacheMu       sync.Mutex
+	usageCacheMu       sync.RWMutex
 	usageCache         map[int64]*geminiUsageCacheEntry
 }

@@ -138,8 +138,8 @@ func (s *RateLimitService) PreCheckUsage(ctx context.Context, account *Account,
 }

 func (s *RateLimitService) getGeminiUsageTotals(accountID int64, windowStart, now time.Time) (GeminiUsageTotals, bool) {
-	s.usageCacheMu.Lock()
-	defer s.usageCacheMu.Unlock()
+	s.usageCacheMu.RLock()
+	defer s.usageCacheMu.RUnlock()

 	if s.usageCache == nil {
 		return GeminiUsageTotals{}, false