Fix bugs, add log rotation, and optimize hot paths

- Fix AttributeError crash on empty request body in md5, hasher, textdiff, jwtdecoder, timestamp, passwordgen (get_json without silent=True / or {}) - Fix memory exhaustion in ipcalc: replace list(network.hosts()) with direct arithmetic — safe for /8 and larger networks - Fix O(1M) loop in cronexplainer.get_next_runs: rewrite to skip by month/day/hour instead of iterating every minute - Fix connection leak in notes.ensure_table: add try/finally around conn.close - Fix admin._ensure_tables / notes._ensure_table running DDL on every request: guard with module-level flags (_tables_initialized, _table_ready) - Fix update_website returning 200 when no row matched; delete_website returning success when nothing was deleted; add rowcount checks for both - Add role validation in admin create_user / update_user (_VALID_ROLES guard) - Add delimiter length guard in csvviewer (csv.reader requires single char) - Fix loremipsum: wrap int(count) in try/except ValueError → 400 response - Fix auth/token: use auth_header[7:] instead of fragile .replace() - Fix app.py: remove duplicate import sys; cache DB liveness check with 30s TTL to avoid a new TCP connection on every frontend page load; move api/setup path guard before DB check - Replace FileHandler with RotatingFileHandler (5 MB / 3 backups) in logger; fix relative log paths to absolute paths anchored to __file__ - Wrap all DB connections in try/finally conn.close() throughout admin and notes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-06 10:06:29 +02:00
parent 31494c9dab
commit 98bb34f094
15 changed files with 363 additions and 196 deletions
@@ -6,24 +6,32 @@ from auth.token import verify_token

 notes_blueprint = Blueprint('notes_tool', __name__)

+_table_ready = False

-def ensure_table():
+
+def _ensure_table():
+    global _table_ready
+    if _table_ready:
+        return
    conn = get_connection()
-    cursor = conn.cursor()
-    cursor.execute("""
-        CREATE TABLE IF NOT EXISTS notes (
-            id INT AUTO_INCREMENT PRIMARY KEY,
-            user_id INT NOT NULL,
-            title VARCHAR(255) NOT NULL,
-            content TEXT,
-            language VARCHAR(50) DEFAULT 'text',
-            created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
-            updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
-        )
-    """)
-    conn.commit()
-    cursor.close()
-    conn.close()
+    try:
+        cursor = conn.cursor()
+        cursor.execute("""
+            CREATE TABLE IF NOT EXISTS notes (
+                id INT AUTO_INCREMENT PRIMARY KEY,
+                user_id INT NOT NULL,
+                title VARCHAR(255) NOT NULL,
+                content TEXT,
+                language VARCHAR(50) DEFAULT 'text',
+                created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+                updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
+            )
+        """)
+        conn.commit()
+        cursor.close()
+        _table_ready = True
+    finally:
+        conn.close()


@notes_blueprint.route('/api/notes', methods=['GET'])
@@ -32,16 +40,18 @@ def get_notes():
    if not user:
        return jsonify({"message": "Nicht autorisiert"}), 401
    try:
-        ensure_table()
+        _ensure_table()
        conn = get_connection()
-        cursor = conn.cursor(dictionary=True)
-        cursor.execute(
-            "SELECT id, title, content, language, created_at, updated_at FROM notes WHERE user_id = %s ORDER BY updated_at DESC",
-            (user['id'],)
-        )
-        notes = cursor.fetchall()
-        cursor.close()
-        conn.close()
+        try:
+            cursor = conn.cursor(dictionary=True)
+            cursor.execute(
+                "SELECT id, title, content, language, created_at, updated_at FROM notes WHERE user_id = %s ORDER BY updated_at DESC",
+                (user['id'],)
+            )
+            notes = cursor.fetchall()
+            cursor.close()
+        finally:
+            conn.close()
        for n in notes:
            if n.get('created_at'):
                n['created_at'] = n['created_at'].isoformat()
@@ -59,22 +69,24 @@ def create_note():
    if not user:
        return jsonify({"message": "Nicht autorisiert"}), 401
    try:
-        ensure_table()
-        data = request.get_json() or {}
+        _ensure_table()
+        data = request.get_json(silent=True) or {}
        title = data.get("title", "Neue Notiz").strip() or "Neue Notiz"
        content = data.get("content", "")
        language = data.get("language", "text")

        conn = get_connection()
-        cursor = conn.cursor()
-        cursor.execute(
-            "INSERT INTO notes (user_id, title, content, language) VALUES (%s, %s, %s, %s)",
-            (user['id'], title, content, language)
-        )
-        conn.commit()
-        note_id = cursor.lastrowid
-        cursor.close()
-        conn.close()
+        try:
+            cursor = conn.cursor()
+            cursor.execute(
+                "INSERT INTO notes (user_id, title, content, language) VALUES (%s, %s, %s, %s)",
+                (user['id'], title, content, language)
+            )
+            conn.commit()
+            note_id = cursor.lastrowid
+            cursor.close()
+        finally:
+            conn.close()

        logger.info(f"Notiz erstellt von {user['username']}: id={note_id}")
        return jsonify({"id": note_id, "title": title, "content": content, "language": language})
@@ -89,22 +101,25 @@ def update_note(note_id):
    if not user:
        return jsonify({"message": "Nicht autorisiert"}), 401
    try:
-        data = request.get_json() or {}
+        _ensure_table()
+        data = request.get_json(silent=True) or {}
        title = data.get("title", "").strip() or "Neue Notiz"
        content = data.get("content", "")
        language = data.get("language", "text")
        now = datetime.now(timezone.utc).replace(tzinfo=None)

        conn = get_connection()
-        cursor = conn.cursor()
-        cursor.execute(
-            "UPDATE notes SET title=%s, content=%s, language=%s, updated_at=%s WHERE id=%s AND user_id=%s",
-            (title, content, language, now, note_id, user['id'])
-        )
-        conn.commit()
-        affected = cursor.rowcount
-        cursor.close()
-        conn.close()
+        try:
+            cursor = conn.cursor()
+            cursor.execute(
+                "UPDATE notes SET title=%s, content=%s, language=%s, updated_at=%s WHERE id=%s AND user_id=%s",
+                (title, content, language, now, note_id, user['id'])
+            )
+            conn.commit()
+            affected = cursor.rowcount
+            cursor.close()
+        finally:
+            conn.close()

        if affected == 0:
            return jsonify({"message": "Notiz nicht gefunden"}), 404
@@ -120,16 +135,19 @@ def delete_note(note_id):
    if not user:
        return jsonify({"message": "Nicht autorisiert"}), 401
    try:
+        _ensure_table()
        conn = get_connection()
-        cursor = conn.cursor()
-        cursor.execute(
-            "DELETE FROM notes WHERE id=%s AND user_id=%s",
-            (note_id, user['id'])
-        )
-        conn.commit()
-        affected = cursor.rowcount
-        cursor.close()
-        conn.close()
+        try:
+            cursor = conn.cursor()
+            cursor.execute(
+                "DELETE FROM notes WHERE id=%s AND user_id=%s",
+                (note_id, user['id'])
+            )
+            conn.commit()
+            affected = cursor.rowcount
+            cursor.close()
+        finally:
+            conn.close()

        if affected == 0:
            return jsonify({"message": "Notiz nicht gefunden"}), 404