fix: fix config init error

1. fix config init
2. remove passlib

Author: shinonomeow

backend/pyproject.toml

@@ -7,15 +7,14 @@ requires-python = ">=3.11"
 dependencies = [
   "aiolimiter>=1.2.1",
   "alembic>=1.17.2",
-  "bcrypt==4.2.0",
+  "bcrypt>=5.0.0",
   "beautifulsoup4>=4.13.4",
   "bencode-py>=4.0.0",
   "dotenv>=0.9.9",
   "fastapi>=0.116.1",
   "httpx[http2,socks]>=0.28.1",
   "jinja2>=3.1.6",
   "packaging>=25.0",
-  "passlib>=1.7.4",
   "pydantic-settings>=2.0.0",
   "python-jose>=3.5.0",
   "python-multipart>=0.0.20",

backend/src/alembic/versions/002_migrate_to_new_schema.py

@@ -36,6 +36,9 @@ def upgrade() -> None:
         # 删除字段
         batch_op.drop_column("save_path")
 
+    # 清空 poster_link，迁移后重新获取
+    conn.execute(sa.text("UPDATE bangumi SET poster_link = ''"))
+
     # ========== 2. Torrent 表重建 ==========
     # 由于主键变更（id -> url），需要完全重建表
 

backend/src/api/routes/bangumi.py

@@ -1,9 +1,9 @@
 import logging
+import asyncio
 from pathlib import Path
 
 from fastapi import APIRouter, Depends, HTTPException
 from fastapi.responses import FileResponse, JSONResponse
-from sqlalchemy.util.concurrency import asyncio
 
 from module.database import Database, engine
 from module.manager import BangumiManager
@@ -97,7 +97,7 @@ async def delete_rule(bangumi_id: str, file: bool = False):
     response_model=APIResponse,
     dependencies=[Depends(get_current_user)],
 )
-async def delete_many_rule(bangumi_id: list, file: bool = False):
+async def delete_many_rule(bangumi_id: list[int], file: bool = False):
     tasks = []
     for i in bangumi_id:
         tasks.append(BangumiManager().delete_rule(i, file))
@@ -185,29 +185,6 @@ async def refresh_poster():
     return u_response(resp)
 
 
-@router.get(
-    path="/refresh/poster/{bangumi_id}",
-    response_model=APIResponse,
-    dependencies=[Depends(get_current_user)],
-)
-async def refresh_single_poster(bangumi_id: int):
-    resp = await BangumiManager().refind_poster(bangumi_id)
-    if resp:
-        resp = ResponseModel(
-            status_code=200,
-            status=True,
-            msg_en="Refresh poster link successfully.",
-            msg_zh="刷新海报链接成功。",
-        )
-    else:
-        resp = ResponseModel(
-            status_code=406,
-            status=False,
-            msg_en=f"Can't find id {bangumi_id}",
-            msg_zh=f"无法找到 id {bangumi_id}",
-        )
-    return u_response(resp)
-
 
 @router.get("/reset/all", response_model=APIResponse, dependencies=[Depends(get_current_user)])
 async def reset_all():
@@ -224,42 +201,22 @@ async def reset_all():
 
 @router.get("/posters/{path:path}", dependencies=[Depends(get_current_user)])
 async def get_poster(path: str):
-    """
-    安全的poster图片访问端点
-    - 添加了用户鉴权
-    - 防止路径遍历攻击
-    - 限制只能访问posters目录下的文件
-    """
-    # 验证路径安全性 - 阻止路径遍历
-    if ".." in path or path.startswith("/") or "\\" in path:
-        logger.warning(f"[Poster] Blocked path traversal attempt: {path}")
-        raise HTTPException(status_code=400, detail="Invalid path")
-
-    # 构建安全的文件路径
-    poster_dir = Path("data") / Path("posters")
-    post_path = poster_dir / Path(path)
+    poster_dir = (Path("data") / "posters").resolve()
+    post_path = (poster_dir / path).resolve()
 
-    # 确保解析后的路径仍在预期目录内
-    try:
-        post_path.resolve().relative_to(poster_dir.resolve())
-    except ValueError:
-        logger.warning(f"[Poster] Path outside allowed directory: {path}")
-        raise HTTPException(status_code=400, detail="Path outside allowed directory")
+    if not post_path.is_relative_to(poster_dir):
+        raise HTTPException(status_code=400, detail="Invalid path")
 
-    # 如果文件不存在，尝试下载
     if not post_path.exists():
         try:
             await load_image(path)
         except Exception as e:
             logger.warning(f"[Poster] Failed to load image {path}: {e}")
 
-    # 返回文件
-    if post_path.exists() and post_path.is_file():
+    if post_path.is_file():
         return FileResponse(
             post_path,
             media_type="image/jpeg",
-            headers={"Cache-Control": "public, max-age=86400"},  # 缓存1天
+            headers={"Cache-Control": "public, max-age=86400"},
         )
-    else:
-        logger.warning(f"[Poster] File not found: {post_path}")
-        raise HTTPException(status_code=404, detail="Poster not found")
+    raise HTTPException(status_code=404, detail="Poster not found")

backend/src/api/routes/program.py

@@ -95,12 +95,10 @@ async def program_status():
     if not program.program_status.is_running:
         return {
             "status": False,
-            "first_run": program.program_status.first_run,
         }
     else:
         return {
             "status": True,
-            "first_run": program.program_status.first_run,
         }
 
 

backend/src/core/monitors/download_check.py

@@ -2,7 +2,7 @@
 import logging
 
 from module.database import Database
-from module.downloader import Client as download_client
+from module.downloader import get_client
 from models import Bangumi, Torrent
 from module.utils import event_bus
 from module.utils.events import Event, EventBus, EventType
@@ -96,11 +96,11 @@ async def _find_real_hash(self, hash_list: list[str]) -> str | None:
             logger.debug(f"[DownloadCheckMonitor] 检查 hash: {hash_value}")
             for _ in range(3):
                 # 尝试从下载客户端获取种子信息
-                if download_client.downloader_error:
+                if get_client().downloader_error:
                     logger.warning(f"[DownloadCheckMonitor] 下载客户端不可用，跳过检查 hash: {hash_value}")
                     break
                 try:
-                    info = await download_client.get_torrent_info(hash_value)
+                    info = await get_client().get_torrent_info(hash_value)
                     last_exception = None
                     if info:
                         logger.info(f"[DownloadCheckMonitor] 找到真实hash: {hash_value}")

backend/src/core/monitors/download_monitor.py

@@ -3,7 +3,7 @@
 from datetime import datetime, timedelta
 
 from module.database import Database
-from module.downloader import Client as download_client
+from module.downloader import get_client
 from models import Bangumi, Torrent
 from module.utils import event_bus
 from module.utils.events import Event, EventBus, EventType
@@ -131,7 +131,7 @@ async def monitor_torrent(self, bangumi: Bangumi, torrent: Torrent) -> None:
                     break
 
                 # 获取种子信息
-                info = await download_client.get_torrent_info(torrent_hash)
+                info = await get_client().get_torrent_info(torrent_hash)
                 logger.debug(f"[DownloadMonitor] 获取种子信息: {torrent.name} - {torrent_hash}")
 
                 if not info:

backend/src/core/monitors/notification_monitor.py

@@ -1,7 +1,7 @@
 import logging
 from typing import Any
 
-from module.notification import PostNotification,notification_config
+from module.notification import PostNotification, get_notification_config
 from module.utils.events import Event, EventBus, EventType, event_bus
 
 logger = logging.getLogger(__name__)
@@ -17,12 +17,12 @@ def __init__(self):
         self._event_bus: EventBus = event_bus
         self._notification_sender = PostNotification()
         self._running: bool = False
-        self.enable: bool = notification_config.enable
+        self.enable: bool = get_notification_config().enable
 
     async def initialize(self):
         """初始化通知监控器"""
         logger.info("[NotificationMonitor] 初始化通知监控器")
-        self.enable = notification_config.enable
+        self.enable = get_notification_config().enable
         if not self.enable:
             logger.warning("[NotificationMonitor] 通知功能未启用")
             return

backend/src/core/monitors/rename_monitor.py

@@ -1,7 +1,7 @@
 import asyncio
 import logging
 
-from module.rename import Renamer, rename_config
+from module.rename import Renamer, get_rename_config
 from models import Bangumi, Torrent
 from module.utils import event_bus
 from module.utils.events import Event, EventBus, EventType
@@ -20,11 +20,11 @@ def __init__(self):
         self._initialized: bool = False
         # 存储活跃的重命名任务 {torrent_hash: asyncio.Task}
         self.active_rename_tasks: dict[str, asyncio.Task] = {}
-        self.enable: bool = rename_config.enable
+        self.enable: bool = get_rename_config().enable
 
     async def initialize(self) -> None:
         """初始化重命名器"""
-        self.enable = rename_config.enable
+        self.enable = get_rename_config().enable
         if not self.enable:
             logger.warning("[RenameMonitor] 重命名功能未启用")
             return

backend/src/core/program.py

@@ -42,9 +42,10 @@ async def startup(self):
             check_and_upgrade_database()
         except Exception as e:
             logger.error(f"数据库升级过程中出现异常: {e}")
-            raise 
-        # 确保默认用户存在
+            raise
+        # 确保所有表存在（create_all 会跳过已存在的表，只创建缺失的）
         with Database() as db:
+            db.create_table()
             db.user.add_default_user()
         await self.start()
 

backend/src/core/services/download_service.py

@@ -4,7 +4,7 @@
 from typing_extensions import override
 
 from module.database import Database, engine
-from module.downloader import Client as client
+from module.downloader import get_client
 from module.downloader.download_queue import download_queue
 from module.utils import event_bus
 from module.utils.events import Event, EventBus, EventType, ServiceException
@@ -48,7 +48,7 @@ async def execute(self) -> None:
     async def _download(self) -> None:
         """从队列获取并执行下载任务"""
         # 确保下载客户端已登录,没有的话就直接返回
-        if not await client.wait_for_login():
+        if not await get_client().wait_for_login():
             return
 
         queue_size = download_queue.qsize()
@@ -61,7 +61,7 @@ async def _download(self) -> None:
 
         # 执行下载任务
         try:
-            hash_list = await client.add_torrent(torrent, bangumi)
+            hash_list = await get_client().add_torrent(torrent, bangumi)
             # 处理下载结果并发布检查事件
             if hash_list:  # 下载请求已发送，hash列表不为空
                 # 发布下载检查事件，让 DownloadCheckMonitor 验证真实hash
@@ -98,9 +98,7 @@ async def _publish_download_check(self, torrent: Torrent, bangumi: Bangumi, hash
     async def cleanup(self) -> None:
         """清理下载客户端"""
         try:
-            from module.downloader import Client
-
-            await Client.stop()
+            await get_client().stop()
             self._initialized: bool = False
             logger.debug("[DownloadService] 下载客户端已重启")
         except Exception as e: