fix(knowledge): verification audit — 3 medium issues

- create_item: wrap item + version INSERT in transaction for atomicity
- update_item handler: validate content length (100KB) before DB hit
- KnowledgeChunk: document missing embedding field, safe per explicit SELECT usage
iven
2026-04-02 19:16:32 +08:00
parent 7e4b787d5c
commit d40c4605b2
3 changed files with 14 additions and 2 deletions


@@ -273,6 +273,12 @@ pub async fn update_item(
) -> SaasResult<Json<serde_json::Value>> {
check_permission(&ctx, "knowledge:write")?;
if let Some(ref content) = req.content {
if content.len() > 100_000 {
return Err(SaasError::InvalidInput("内容不能超过 100KB".into()));
}
}
let updated = service::update_item(&state.db, &id, &ctx.account_id, &req).await?;
// 触发 re-embedding