fix: 修复CodeReview发现的安全问题和代码质量问题 | fix security and code quality issues identified by CodeReview

- 修复JSON注入漏洞：使用json.Marshal()安全转义字符串内容 - 定义常量CHARS_PER_TOKEN替换硬编码的token估算数字4 - 处理UnmarshalJSON错误，避免静默失败并记录错误日志 - 定义常量替换硬编码的API端点路径，提高可维护性 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-21 07:26:47 +08:00 · 2025-09-28 16:41:48 +08:00
parent e27612a620
commit 48396d3f33
3 changed files with 26 additions and 7 deletions
--- a/relay/controller/anthropic.go
+++ b/relay/controller/anthropic.go
@@ -142,6 +142,12 @@ func getAnthropicRequestBody(c *gin.Context, anthropicRequest *anthropic.Request
 	return bytes.NewBuffer(jsonData), nil
 }

+const (
+	// CHARS_PER_TOKEN represents the rough character-to-token ratio for Anthropic models
+	// This is a conservative estimate: approximately 1 token per 4 characters
+	CHARS_PER_TOKEN = 4
+)
+
 func estimateAnthropicTokens(request *anthropic.Request) int {
 	// Simple token estimation for Anthropic requests
 	// This is a rough estimation, actual implementation might need more sophisticated logic
@@ -150,14 +156,14 @@ func estimateAnthropicTokens(request *anthropic.Request) int {
 	// Count tokens in system prompt
 	if !request.System.IsEmpty() {
 		systemText := request.System.String()
-		totalTokens += len(systemText) / 4 // rough estimate: 1 token per 4 characters
+		totalTokens += len(systemText) / CHARS_PER_TOKEN // rough estimate: 1 token per 4 characters
 	}

 	// Count tokens in messages
 	for _, message := range request.Messages {
 		for _, content := range message.Content {
 			if content.Type == "text" {
-				totalTokens += len(content.Text) / 4
+				totalTokens += len(content.Text) / CHARS_PER_TOKEN
 			}
 		}
 	}