fix(proxy): harden error handling and input validation

- Handle RwLock poisoning in settings.rs with unwrap_or_else - Add fallback for dirs::home_dir() in config modules - Normalize localhost to 127.0.0.1 in ProxyPanel - Format IPv6 addresses with brackets for valid URLs - Strict port validation with pure digit regex - Treat NaN as validation failure in config panels - Log warning on cost_multiplier parse failure - Align timeoutSeconds range to [0, 300] across all panels
2026-05-03 17:49:46 +08:00 · 2026-01-11 16:45:05 +08:00
parent d33f99aca4
commit c5d3732b9f
9 changed files with 118 additions and 59 deletions
--- a/src-tauri/src/codex_config.rs
+++ b/src-tauri/src/codex_config.rs
@@ -9,13 +9,21 @@ use serde_json::Value;
 use std::fs;
 use std::path::Path;

+/// 获取用户主目录，带回退和日志
+fn get_home_dir() -> PathBuf {
+    dirs::home_dir().unwrap_or_else(|| {
+        log::warn!("无法获取用户主目录，回退到当前目录");
+        PathBuf::from(".")
+    })
+}
+
 /// 获取 Codex 配置目录路径
 pub fn get_codex_config_dir() -> PathBuf {
    if let Some(custom) = crate::settings::get_codex_override_dir() {
        return custom;
    }

-    dirs::home_dir().expect("无法获取用户主目录").join(".codex")
+    get_home_dir().join(".codex")
 }

 /// 获取 Codex auth.json 路径
--- a/src-tauri/src/config.rs
+++ b/src-tauri/src/config.rs
@@ -5,22 +5,26 @@ use std::path::{Path, PathBuf};

 use crate::error::AppError;

+/// 获取用户主目录，带回退和日志
+fn get_home_dir() -> PathBuf {
+    dirs::home_dir().unwrap_or_else(|| {
+        log::warn!("无法获取用户主目录，回退到当前目录");
+        PathBuf::from(".")
+    })
+}
+
 /// 获取 Claude Code 配置目录路径
 pub fn get_claude_config_dir() -> PathBuf {
    if let Some(custom) = crate::settings::get_claude_override_dir() {
        return custom;
    }

-    dirs::home_dir()
-        .expect("无法获取用户主目录")
-        .join(".claude")
+    get_home_dir().join(".claude")
 }

 /// 默认 Claude MCP 配置文件路径 (~/.claude.json)
 pub fn get_default_claude_mcp_path() -> PathBuf {
-    dirs::home_dir()
-        .expect("无法获取用户主目录")
-        .join(".claude.json")
+    get_home_dir().join(".claude.json")
 }

 fn derive_mcp_path_from_override(dir: &Path) -> Option<PathBuf> {
--- a/src-tauri/src/gemini_config.rs
+++ b/src-tauri/src/gemini_config.rs
@@ -5,15 +5,21 @@ use std::collections::HashMap;
 use std::fs;
 use std::path::PathBuf;

+/// 获取用户主目录，带回退和日志
+fn get_home_dir() -> PathBuf {
+    dirs::home_dir().unwrap_or_else(|| {
+        log::warn!("无法获取用户主目录，回退到当前目录");
+        PathBuf::from(".")
+    })
+}
+
 /// 获取 Gemini 配置目录路径（支持设置覆盖）
 pub fn get_gemini_dir() -> PathBuf {
    if let Some(custom) = crate::settings::get_gemini_override_dir() {
        return custom;
    }

-    dirs::home_dir()
-        .expect("无法获取用户主目录")
-        .join(".gemini")
+    get_home_dir().join(".gemini")
 }

 /// 获取 Gemini .env 文件路径
--- a/src-tauri/src/proxy/handlers.rs
+++ b/src-tauri/src/proxy/handlers.rs
@@ -456,7 +456,12 @@ async fn log_usage(
        Ok(Some(p)) => {
            if let Some(meta) = p.meta {
                if let Some(cm) = meta.cost_multiplier {
-                    Decimal::from_str(&cm).unwrap_or(Decimal::from(1))
+                    Decimal::from_str(&cm).unwrap_or_else(|e| {
+                        log::warn!(
+                            "cost_multiplier 解析失败 (provider_id={provider_id}): {cm} - {e}"
+                        );
+                        Decimal::from(1)
+                    })
                } else {
                    Decimal::from(1)
                }
--- a/src-tauri/src/proxy/response_processor.rs
+++ b/src-tauri/src/proxy/response_processor.rs
@@ -372,7 +372,12 @@ async fn log_usage_internal(
        Ok(Some(p)) => {
            if let Some(meta) = p.meta {
                if let Some(cm) = meta.cost_multiplier {
-                    Decimal::from_str(&cm).unwrap_or(Decimal::from(1))
+                    Decimal::from_str(&cm).unwrap_or_else(|e| {
+                        log::warn!(
+                            "cost_multiplier 解析失败 (provider_id={provider_id}): {cm} - {e}"
+                        );
+                        Decimal::from(1)
+                    })
                } else {
                    Decimal::from(1)
                }
--- a/src-tauri/src/settings.rs
+++ b/src-tauri/src/settings.rs
@@ -194,14 +194,23 @@ fn resolve_override_path(raw: &str) -> PathBuf {
 }

 pub fn get_settings() -> AppSettings {
-    settings_store().read().expect("读取设置锁失败").clone()
+    settings_store()
+        .read()
+        .unwrap_or_else(|e| {
+            log::warn!("设置锁已毒化，使用恢复值: {e}");
+            e.into_inner()
+        })
+        .clone()
 }

 pub fn update_settings(mut new_settings: AppSettings) -> Result<(), AppError> {
    new_settings.normalize_paths();
    save_settings_file(&new_settings)?;

-    let mut guard = settings_store().write().expect("写入设置锁失败");
+    let mut guard = settings_store().write().unwrap_or_else(|e| {
+        log::warn!("设置锁已毒化，使用恢复值: {e}");
+        e.into_inner()
+    });
    *guard = new_settings;
    Ok(())
 }
@@ -210,7 +219,10 @@ pub fn update_settings(mut new_settings: AppSettings) -> Result<(), AppError> {
 /// 用于导入配置等场景，确保内存缓存与文件同步
 pub fn reload_settings() -> Result<(), AppError> {
    let fresh_settings = AppSettings::load_from_file();
-    let mut guard = settings_store().write().expect("写入设置锁失败");
+    let mut guard = settings_store().write().unwrap_or_else(|e| {
+        log::warn!("设置锁已毒化，使用恢复值: {e}");
+        e.into_inner()
+    });
    *guard = fresh_settings;
    Ok(())
 }