fix(audit): 第二批审计修复 — P0 生产 Bug、安全加固、性能优化、缓存一致性、代码质量

基于 backend-code-audit 审计报告，修复剩余 P0/P1/P2 共 34 项问题： P0 生产 Bug： - 修复 time.Since(time.Now()) 计时逻辑错误 (P0-03) - generateRandomID 改用 crypto/rand 替代固定索引 (P0-04) - IncrementQuotaUsed 重写为 Ent 原子操作消除 TOCTOU 竞态 (P0-05) 安全加固： - gateway/openai handler 错误响应替换为泛化消息，防止内部信息泄露 (P1-14) - usage_log_repo dateFormat 参数改用白名单映射，防止 SQL 注入 (P1-16) - 默认配置安全加固：sslmode=prefer、response_headers=true、mode=release (P1-18/19, P2-15) 性能优化： - gateway handler 循环内 defer 替换为显式 releaseWait 闭包 (P1-02) - group_repo/promo_code_repo Count 前 Clone 查询避免状态污染 (P1-03) - usage_log_repo 四个查询添加 LIMIT 10000 防止 OOM (P1-07) - GetBatchUsageStats 添加时间范围参数，默认最近 30 天 (P1-10) - ip.go CIDR 预编译为包级变量 (P1-11) - BatchUpdateCredentials 重构为先验证后更新 (P1-13) 缓存一致性： - billing_cache 添加 jitteredTTL 防止缓存雪崩 (P2-10) - DeductUserBalance/UpdateSubscriptionUsage 错误传播修复 (P2-12) - UserService.UpdateBalance 成功后异步失效 billingCache (P2-13) 代码质量： - search 截断改为按 rune 处理，支持多字节字符 (P2-01) - TLS Handshake 改为 HandshakeContext 支持 context 取消 (P2-07) - CORS 预检添加 Access-Control-Max-Age: 86400 (P2-16) 测试覆盖： - 新增 user_service_test.go（UpdateBalance 缓存失效 6 个用例） - 新增 batch_update_credentials_test.go（fail-fast + 类型验证 7 个用例） - 新增 response_transformer_test.go、ip_test.go、usage_log_repo_unit_test.go、search_truncate_test.go - 集成测试：IncrementQuotaUsed 并发测试、billing_cache 错误传播测试 - config_test.go 补充 server.mode/sslmode 默认值断言 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 19:46:42 +08:00
parent f6ca701917
commit 2588fa6a8f
36 changed files with 1037 additions and 178 deletions
--- a/backend/internal/handler/admin/account_handler.go
+++ b/backend/internal/handler/admin/account_handler.go
@@ -3,6 +3,7 @@ package admin

 import (
 	"errors"
+	"fmt"
 	"strconv"
 	"strings"
 	"sync"
@@ -738,57 +739,40 @@ func (h *AccountHandler) BatchUpdateCredentials(c *gin.Context) {
 	}

 	ctx := c.Request.Context()
-	success := 0
-	failed := 0
-	results := []gin.H{}

+	// 阶段一：预验证所有账号存在，收集 credentials
+	type accountUpdate struct {
+		ID          int64
+		Credentials map[string]any
+	}
+	updates := make([]accountUpdate, 0, len(req.AccountIDs))
 	for _, accountID := range req.AccountIDs {
-		// Get account
 		account, err := h.adminService.GetAccount(ctx, accountID)
 		if err != nil {
-			failed++
-			results = append(results, gin.H{
-				"account_id": accountID,
-				"success":    false,
-				"error":      "Account not found",
-			})
-			continue
+			response.Error(c, 404, fmt.Sprintf("Account %d not found", accountID))
+			return
 		}
-
-		// Update credentials field
 		if account.Credentials == nil {
 			account.Credentials = make(map[string]any)
 		}
-
 		account.Credentials[req.Field] = req.Value
+		updates = append(updates, accountUpdate{ID: accountID, Credentials: account.Credentials})
+	}

-		// Update account
+	// 阶段二：依次更新，任何失败立即返回（避免部分成功部分失败）
+	for _, u := range updates {
 		updateInput := &service.UpdateAccountInput{
-			Credentials: account.Credentials,
+			Credentials: u.Credentials,
 		}
-
-		_, err = h.adminService.UpdateAccount(ctx, accountID, updateInput)
-		if err != nil {
-			failed++
-			results = append(results, gin.H{
-				"account_id": accountID,
-				"success":    false,
-				"error":      err.Error(),
-			})
-			continue
+		if _, err := h.adminService.UpdateAccount(ctx, u.ID, updateInput); err != nil {
+			response.Error(c, 500, fmt.Sprintf("Failed to update account %d: %v", u.ID, err))
+			return
 		}
-
-		success++
-		results = append(results, gin.H{
-			"account_id": accountID,
-			"success":    true,
-		})
 	}

 	response.Success(c, gin.H{
-		"success": success,
-		"failed":  failed,
-		"results": results,
+		"success": len(updates),
+		"failed":  0,
 	})
 }