fix(handler): 修复 gjson 迁移后的请求校验语义回退

- OpenAI handler: 添加 gjson.ValidBytes 校验 JSON 合法性；model 校验改为检查 gjson.String 类型而非仅判断非空（拒绝 model:123 等非法类型）；stream 字段添加 True/False 类型检查；sjson.SetBytes 返回值显式处理错误 - Sora handler: 添加 gjson.ValidBytes 校验；model 校验同上改为类型检查； messages 校验从 Exists+Type==JSON 改为 IsArray+len>0（拒绝空数组和对象） - 补充 TestOpenAIHandler_GjsonValidation 和更新 TestSoraHandler_ValidationExtraction 覆盖新增的边界校验场景 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-10 09:13:20 +08:00
parent 58912d4ac5
commit 5d1c51a37f
4 changed files with 102 additions and 17 deletions
--- a/backend/internal/handler/sora_gateway_handler.go
+++ b/backend/internal/handler/sora_gateway_handler.go
@@ -106,13 +106,22 @@ func (h *SoraGatewayHandler) ChatCompletions(c *gin.Context) {

 	setOpsRequestContext(c, "", false, body)

+	// 校验请求体 JSON 合法性
+	if !gjson.ValidBytes(body) {
+		h.errorResponse(c, http.StatusBadRequest, "invalid_request_error", "Failed to parse request body")
+		return
+	}
+
 	// 使用 gjson 只读提取字段做校验，避免完整 Unmarshal
-	reqModel := gjson.GetBytes(body, "model").String()
-	if reqModel == "" {
+	modelResult := gjson.GetBytes(body, "model")
+	if !modelResult.Exists() || modelResult.Type != gjson.String || modelResult.String() == "" {
 		h.errorResponse(c, http.StatusBadRequest, "invalid_request_error", "model is required")
 		return
 	}
-	if !gjson.GetBytes(body, "messages").Exists() || gjson.GetBytes(body, "messages").Type != gjson.JSON {
+	reqModel := modelResult.String()
+
+	msgsResult := gjson.GetBytes(body, "messages")
+	if !msgsResult.IsArray() || len(msgsResult.Array()) == 0 {
 		h.errorResponse(c, http.StatusBadRequest, "invalid_request_error", "messages is required")
 		return
 	}