From 1d5e05b8cadcab00b6d02b4c9cad5e8b168e1fbb Mon Sep 17 00:00:00 2001
From: IanShaw027 <131567472+IanShaw027@users.noreply.github.com>
Date: Thu, 1 Jan 2026 15:35:08 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20P0=20=E5=AE=89?=
 =?UTF-8?q?=E5=85=A8=E5=92=8C=E5=B9=B6=E5=8F=91=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 修复敏感信息泄露：移除 Drive API 完整响应体打印，只记录状态码
- 修复并发安全问题：升级为 RWMutex，读写分离提升性能
- 修复资源泄漏风险：使用 defer 确保 resp.Body 正确关闭
---
 backend/internal/pkg/geminicli/drive_client.go | 10 ++++++----
 backend/internal/service/ratelimit_service.go  |  6 +++---
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/backend/internal/pkg/geminicli/drive_client.go b/backend/internal/pkg/geminicli/drive_client.go
index 8f9c745f..a6cbc3ab 100644
--- a/backend/internal/pkg/geminicli/drive_client.go
+++ b/backend/internal/pkg/geminicli/drive_client.go
@@ -94,10 +94,12 @@ func (c *driveClient) GetStorageQuota(ctx context.Context, accessToken, proxyURL
 			resp.StatusCode == http.StatusInternalServerError ||
 			resp.StatusCode == http.StatusBadGateway ||
 			resp.StatusCode == http.StatusServiceUnavailable) && attempt < maxRetries-1 {
-			_ = resp.Body.Close()
-			backoff := time.Duration(1<<uint(attempt)) * time.Second
-			jitter := time.Duration(rng.Intn(1000)) * time.Millisecond
-			if err := sleepWithContext(backoff + jitter); err != nil {
+			if err := func() error {
+				defer func() { _ = resp.Body.Close() }()
+				backoff := time.Duration(1<<uint(attempt)) * time.Second
+				jitter := time.Duration(rng.Intn(1000)) * time.Millisecond
+				return sleepWithContext(backoff + jitter)
+			}(); err != nil {
 				return nil, fmt.Errorf("request cancelled: %w", err)
 			}
 			continue
diff --git a/backend/internal/service/ratelimit_service.go b/backend/internal/service/ratelimit_service.go
index 0511d950..57d606fb 100644
--- a/backend/internal/service/ratelimit_service.go
+++ b/backend/internal/service/ratelimit_service.go
@@ -18,7 +18,7 @@ type RateLimitService struct {
 	usageRepo          UsageLogRepository
 	cfg                *config.Config
 	geminiQuotaService *GeminiQuotaService
-	usageCacheMu       sync.Mutex
+	usageCacheMu       sync.RWMutex
 	usageCache         map[int64]*geminiUsageCacheEntry
 }
 
@@ -138,8 +138,8 @@ func (s *RateLimitService) PreCheckUsage(ctx context.Context, account *Account,
 }
 
 func (s *RateLimitService) getGeminiUsageTotals(accountID int64, windowStart, now time.Time) (GeminiUsageTotals, bool) {
-	s.usageCacheMu.Lock()
-	defer s.usageCacheMu.Unlock()
+	s.usageCacheMu.RLock()
+	defer s.usageCacheMu.RUnlock()
 
 	if s.usageCache == nil {
 		return GeminiUsageTotals{}, false