fix(memory): fix problems

- Parameterize SKIP/LIMIT in Cypher query instead of f-string interpolation - Add UUID format validation in validate_end_user_in_workspace before DB query - Update limit/depth Query descriptions to clarify auto-cap behavior in service layer - Move uuid import to module level in api_key_utils.py Modified files: - api/app/services/memory_explicit_service.py - api/app/core/api_key_utils.py - api/app/controllers/service/user_memory_api_controller.py
2026-04-23 16:29:22 +08:00
parent aac89b172f
commit 7ac0eff0b8
3 changed files with 15 additions and 3 deletions
--- a/api/app/controllers/service/user_memory_api_controller.py
+++ b/api/app/controllers/service/user_memory_api_controller.py
@@ -44,8 +44,8 @@ async def get_graph_data(
    request: Request,
    end_user_id: str = Query(..., description="End user ID"),
    node_types: Optional[str] = Query(None, description="Comma-separated node types filter"),
-    limit: int = Query(100, description="Max nodes to return, capped at 1000"),
-    depth: int = Query(1, description="Graph traversal depth, capped at 3"),
+    limit: int = Query(100, description="Max nodes to return (auto-capped at 1000 in service layer)"),
+    depth: int = Query(1, description="Graph traversal depth (auto-capped at 3 in service layer)"),
    center_node_id: Optional[str] = Query(None, description="Center node for subgraph"),
    api_key_auth: ApiKeyAuth = None,
    db: Session = Depends(get_db),
--- a/api/app/core/api_key_utils.py
+++ b/api/app/core/api_key_utils.py
@@ -1,5 +1,6 @@
 """API Key 工具函数"""
 import secrets
+import uuid as _uuid
 from typing import Optional, Union
 from datetime import datetime

@@ -112,9 +113,18 @@ def validate_end_user_in_workspace(
        EndUser ORM 对象（校验通过时）

    Raises:
+        BusinessException(INVALID_PARAMETER): end_user_id 格式无效
        BusinessException(USER_NOT_FOUND): end_user 不存在
        BusinessException(PERMISSION_DENIED): end_user 不属于该 workspace
    """
+    try:
+        _uuid.UUID(end_user_id)
+    except (ValueError, AttributeError):
+        raise _BusinessException(
+            f"Invalid end_user_id format: {end_user_id}",
+            _BizCode.INVALID_PARAMETER,
+        )
+
    end_user_repo = _EndUserRepository(db)
    end_user = end_user_repo.get_end_user_by_id(end_user_id)

--- a/api/app/services/memory_explicit_service.py
+++ b/api/app/services/memory_explicit_service.py
@@ -256,8 +256,10 @@ class MemoryExplicitService(MemoryBaseService):
                s.content AS content,
                s.created_at AS created_at
            ORDER BY s.created_at DESC
-            SKIP {skip} LIMIT {pagesize}
+            SKIP $skip LIMIT $limit
            """
+            params["skip"] = skip
+            params["limit"] = pagesize

            result = await self.neo4j_connector.execute_query(data_query, **params)