Enhance database handling and improve HTML safety across the bot. Added async methods for blacklist checks, updated connection settings for SQLite, and implemented HTML escaping for user inputs and messages to prevent potential issues. Adjusted middleware latency and refactored various handlers for better performance and reliability.

2025-08-26 16:51:28 +03:00
parent 7b6abe2a0e
commit fee22f8ad4
17 changed files with 308 additions and 77 deletions
--- a/helper_bot/middlewares/album_middleware.py
+++ b/helper_bot/middlewares/album_middleware.py
@@ -6,7 +6,7 @@ from aiogram.types import Message


 class AlbumMiddleware(BaseMiddleware):
-    def __init__(self, latency: Union[int, float] = 0.1):
+    def __init__(self, latency: Union[int, float] = 0.01):  # Уменьшено с 0.1 до 0.01
        # Initialize latency and album_data dictionary
        self.latency = latency
        self.album_data = {}
--- a/helper_bot/middlewares/blacklist_middleware.py
+++ b/helper_bot/middlewares/blacklist_middleware.py
@@ -1,4 +1,5 @@
 from typing import Dict, Any
+import html

 from aiogram import BaseMiddleware, types
 from helper_bot.utils.base_dependency_factory import get_global_instance
@@ -11,11 +12,15 @@ BotDB = bdf.get_db()
 class BlacklistMiddleware(BaseMiddleware):
    async def __call__(self, handler, event: types.Message, data: Dict[str, Any]) -> Any:
        logger.info(f'Вызов BlacklistMiddleware для пользователя {event.from_user.username}')
-        if BotDB.check_user_in_blacklist(user_id=event.from_user.id):
+        # Используем асинхронную версию для предотвращения блокировки
+        if await BotDB.check_user_in_blacklist_async(user_id=event.from_user.id):
            logger.info(f'BlacklistMiddleware результат для пользователя: {event.from_user.username} заблокирован!')
-            user_info = BotDB.get_blacklist_users_by_id(event.from_user.id)
+            user_info = await BotDB.get_blacklist_users_by_id_async(event.from_user.id)
+            # Экранируем потенциально проблемные символы
+            reason = html.escape(str(user_info[2])) if user_info[2] else "Не указана"
+            date_unban = html.escape(str(user_info[3])) if user_info[3] else "Не указана"
            await event.answer(
-                f"<b>Ты заблокирован.</b>\n<b>Причина блокировки:</b> {user_info[2]}\n<b>Дата разбана:</b> {user_info[3]}")
+                f"<b>Ты заблокирован.</b>\n<b>Причина блокировки:</b> {reason}\n<b>Дата разбана:</b> {date_unban}")
            return False
        logger.info(f'BlacklistMiddleware результат для пользователя: {event.from_user.username} доступ разрешен')
        return await handler(event, data)
--- a/helper_bot/middlewares/text_middleware.py
+++ b/helper_bot/middlewares/text_middleware.py
@@ -7,7 +7,7 @@ from aiogram.types import Message


 class BulkTextMiddleware(BaseMiddleware):
-    def __init__(self, latency: Union[int, float] = 0.1):
+    def __init__(self, latency: Union[int, float] = 0.01):  # Уменьшено с 0.1 до 0.01
        # Initialize latency and album_data dictionary
        self.latency = latency
        self.texts = defaultdict(list)