From 7ac0eff0b89c1bbec4ef0b1c1e52031da1de62ad Mon Sep 17 00:00:00 2001
From: miao <1468212639@qq.com>
Date: Thu, 23 Apr 2026 16:29:22 +0800
Subject: [PATCH] fix(memory): fix problems
- Parameterize SKIP/LIMIT in Cypher query instead of f-string interpolation
- Add UUID format validation in validate_end_user_in_workspace before DB query
- Update limit/depth Query descriptions to clarify auto-cap behavior in service layer
- Move uuid import to module level in api_key_utils.py
Modified files:
- api/app/services/memory_explicit_service.py
- api/app/core/api_key_utils.py
- api/app/controllers/service/user_memory_api_controller.py
---
 .../controllers/service/user_memory_api_controller.py | 4 ++--
 api/app/core/api_key_utils.py | 10 ++++++++++
 api/app/services/memory_explicit_service.py | 4 +++-
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/api/app/controllers/service/user_memory_api_controller.py b/api/app/controllers/service/user_memory_api_controller.py
index 6d2498c0..ecbdec50 100644
--- a/api/app/controllers/service/user_memory_api_controller.py
+++ b/api/app/controllers/service/user_memory_api_controller.py
@@ -44,8 +44,8 @@ async def get_graph_data(
 request: Request,
 end_user_id: str = Query(..., description="End user ID"),
 node_types: Optional[str] = Query(None, description="Comma-separated node types filter"),
- limit: int = Query(100, description="Max nodes to return, capped at 1000"),
- depth: int = Query(1, description="Graph traversal depth, capped at 3"),
+ limit: int = Query(100, description="Max nodes to return (auto-capped at 1000 in service layer)"),
+ depth: int = Query(1, description="Graph traversal depth (auto-capped at 3 in service layer)"),
 center_node_id: Optional[str] = Query(None, description="Center node for subgraph"),
 api_key_auth: ApiKeyAuth = None,
 db: Session = Depends(get_db),
diff --git a/api/app/core/api_key_utils.py b/api/app/core/api_key_utils.py
index 290630ce..7687d8af 100644
--- a/api/app/core/api_key_utils.py
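Review bot: The new descriptions on the `limit` and `depth` lines expose an internal detail ("in service layer") in the public OpenAPI text and still leave the behaviour for zero or negative values undocumented. A consumer only needs to know what the API does with the value, e.g. `description="Max nodes to return; values above 1000 are clamped to 1000"` and the same shape for `depth`. If rejecting out-of-range input is preferable to silently clamping it, FastAPI's `Query(100, ge=1, le=1000, ...)` would validate at the boundary and publish the range in the schema, but that changes behaviour for callers that currently rely on clamping, so it is a product decision rather than a drop-in edit. The signature of `get_graph_data` continues outside the hunk.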
+++ b/api/app/core/api_key_utils.py
@@ -1,5 +1,6 @@
 """API Key 工具函数"""
 import secrets
+import uuid as _uuid
 from typing import Optional, Union
 from datetime import datetime
@@ -112,9 +113,18 @@ def validate_end_user_in_workspace(
 EndUser ORM 对象(校验通过时)
 Raises:
+ BusinessException(INVALID_PARAMETER): end_user_id 格式无效
 BusinessException(USER_NOT_FOUND): end_user 不存在
 BusinessException(PERMISSION_DENIED): end_user 不属于该 workspace
 """
+ try:
+ _uuid.UUID(end_user_id)
+ except (ValueError, AttributeError):
+ raise _BusinessException(
+ f"Invalid end_user_id format: {end_user_id}",
+ _BizCode.INVALID_PARAMETER,
+ )
+ end_user_repo = _EndUserRepository(db)
 end_user = end_user_repo.get_end_user_by_id(end_user_id)
diff --git a/api/app/services/memory_explicit_service.py b/api/app/services/memory_explicit_service.py
index 8da3b167..e640124e 100644
--- a/api/app/services/memory_explicit_service.py
+++ b/api/app/services/memory_explicit_service.py
@@ -256,8 +256,10 @@ class MemoryExplicitService(MemoryBaseService):
 s.content AS content,
 s.created_at AS created_at
 ORDER BY s.created_at DESC
- SKIP {skip} LIMIT {pagesize}
+ SKIP $skip LIMIT $limit
 """
+ params["skip"] = skip
+ params["limit"] = pagesize
 result = await self.neo4j_connector.execute_query(data_query, **params)
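Review bot: The new check in `validate_end_user_in_workspace` echoes the raw, unvalidated `end_user_id` into the exception message (presumably surfaced to the client) and discards the parsed value, so the following `get_end_user_by_id(end_user_id)` still receives the original string. `uuid.UUID` accepts braces, a `urn:uuid:` prefix and hyphen-less hex, so such inputs pass the check yet may not match a canonically stored id; if the column holds the hyphenated form, looking up `str(_uuid.UUID(end_user_id))` would make validation and query agree (verify against the repository). I would also drop the reflected value from the message and suppress the chained traceback: `except (ValueError, AttributeError, TypeError):` / `"Invalid end_user_id format",` / `) from None`. `uuid.UUID` raises `TypeError` for a `bytes` argument, which the current tuple misses. The function's signature and the start of its docstring are outside the hunk.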
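Review bot: Binding `$skip` and `$limit` as parameters is the right fix, but nothing in the hunk shows that `skip` and `pagesize` are non-negative integers, and with parameters it is the database that rejects a wrong type or a negative value, at execution time rather than at input validation. If the caller already coerces and clamps them, a one-line comment on the `params["skip"] = skip` line saying so would spare the next reader the check; otherwise `params["skip"] = max(int(skip), 0)` and `params["limit"] = max(int(pagesize), 0)` keep the guarantee local to the query. The opening of `data_query` is outside the hunk, so I cannot tell whether it still carries other f-string placeholders (labels, sort direction); any that remain are still string-built and deserve the same parameterization or an allow-list. The enclosing method begins outside the hunk.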