aodhan/character-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Code review fixes: wardrobe migration, response validation, path traversal guard, deduplication

Browse Source 
- Migrate 11 character JSONs from old wardrobe keys to _BODY_GROUP_KEYS format
- Add is_favourite/is_nsfw columns to Preset model
- Add HTTP response validation and timeouts to ComfyUI client
- Add path traversal protection on replace cover route
- Deduplicate services/mcp.py (4 functions → 2 generic + 2 wrappers)
- Extract apply_library_filters() and clean_html_text() shared helpers
- Add named constants for 17 ComfyUI workflow node IDs
- Fix bare except clauses in services/llm.py
- Fix tags schema in ensure_default_outfit() (list → dict)
- Convert f-string logging to lazy % formatting
- Add 5-minute polling timeout to frontend waitForJob()
- Improve migration error handling (non-duplicate errors log at WARNING)
- Update CLAUDE.md to reflect all changes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Aodhan Collins
2026-03-22 00:31:27 +00:00
parent 55ff58aba6
commit 29a6723b25
37 changed files with 464 additions and 539 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
routes/actions.py
View File

@@ -15,8 +15,8 @@ from services.prompts import build_prompt, _resolve_character, _ensure_character
from services.sync import sync_actions
from services.file_io import get_available_loras
from services.llm import load_prompt, call_llm
from utils import allowed_file, _LORA_DEFAULTS
from routes.shared import register_common_routes
from utils import allowed_file, _LORA_DEFAULTS, clean_html_text
from routes.shared import register_common_routes, apply_library_filters
logger = logging.getLogger('gaze')
@@ -26,17 +26,8 @@ def register_routes(app):
@app.route('/actions')
def actions_index():
query = Action.query
fav = request.args.get('favourite')
nsfw = request.args.get('nsfw', 'all')
if fav == 'on':
query = query.filter_by(is_favourite=True)
if nsfw == 'sfw':
query = query.filter_by(is_nsfw=False)
elif nsfw == 'nsfw':
query = query.filter_by(is_nsfw=True)
actions = query.order_by(Action.is_favourite.desc(), Action.name).all()
return render_template('actions/index.html', actions=actions, favourite_filter=fav or '', nsfw_filter=nsfw)
actions, fav, nsfw = apply_library_filters(Action.query, Action)
return render_template('actions/index.html', actions=actions, favourite_filter=fav, nsfw_filter=nsfw)
@app.route('/actions/rescan', methods=['POST'])
def rescan_actions():
@@ -228,9 +219,9 @@ def register_routes(app):
selected_fields.append(f'identity::{key}')
# Add wardrobe fields (unless suppressed)
if not suppress_wardrobe:
from utils import _WARDROBE_KEYS
from utils import _BODY_GROUP_KEYS
wardrobe = character.get_active_wardrobe()
for key in _WARDROBE_KEYS:
for key in _BODY_GROUP_KEYS:
if wardrobe.get(key):
selected_fields.append(f'wardrobe::{key}')
@@ -302,9 +293,9 @@ def register_routes(app):
# Wardrobe (active outfit) — skip if suppressed
if not suppress_wardrobe:
from utils import _WARDROBE_KEYS
from utils import _BODY_GROUP_KEYS
wardrobe = extra_char.get_active_wardrobe()
for key in _WARDROBE_KEYS:
for key in _BODY_GROUP_KEYS:
val = wardrobe.get(key)
if val:
extra_parts.append(val)
@@ -389,11 +380,7 @@ def register_routes(app):
try:
with open(html_path, 'r', encoding='utf-8', errors='ignore') as hf:
html_raw = hf.read()
clean_html = re.sub(r'<script[^>]*>.*?</script>', '', html_raw, flags=re.DOTALL)
clean_html = re.sub(r'<style[^>]*>.*?</style>', '', clean_html, flags=re.DOTALL)
clean_html = re.sub(r'<img[^>]*>', '', clean_html)
clean_html = re.sub(r'<[^>]+>', ' ', clean_html)
html_content = ' '.join(clean_html.split())
html_content = clean_html_text(html_raw)
except Exception:
pass