fix: 完善 Liblib 图片尺寸兼容处理并补充安全排查记录

- 调整 Liblib 图片生成参数，优先使用官方 aspectRatio 预设，非预设尺寸回退为 imageSize 显式宽高。\n- 新增尺寸解析与边界钳制逻辑，并补充对 undocumented 状态 7 的防御性处理说明。\n- 新增密钥排查备忘，记录 .env 中腾讯 COS 凭证硬编码问题，便于后续安全整改。
2026-03-11 15:36:58 +08:00
parent 3bf79da540
commit 201dedb84c
2 changed files with 46 additions and 11 deletions
--- a/api/services/memoir_images/provider.py
+++ b/api/services/memoir_images/provider.py
@@ -19,14 +19,30 @@ _SENSITIVE_QUERY_RE = re.compile(
    r"([?&])(" + "|".join(_SENSITIVE_QUERY_PARAMS) + r")=([^&\s]+)"
 )

+# LibLib Star-3 Alpha aspectRatio presets (official docs):
+#   square   → 1:1,  1024x1024
+#   portrait → 3:4,  768x1024
+#   landscape→ 16:9, 1280x720
+# To use exact pixel dimensions instead, pass imageSize (see submit_generation).
 _SIZE_TO_ASPECT_RATIO = {
    "1024x1024": "square",
    "768x1024": "portrait",
-    "1024x768": "landscape",
    "1280x720": "landscape",
-    "720x1280": "portrait",
 }

+_DEFAULT_WIDTH, _DEFAULT_HEIGHT = 1024, 1024
+
+
+def _parse_size(size: str) -> tuple[int, int]:
+    """Parse a 'WxH' string into (width, height), clamped to 512~2048."""
+    try:
+        w_str, h_str = size.lower().split("x", 1)
+        w = max(512, min(2048, int(w_str)))
+        h = max(512, min(2048, int(h_str)))
+        return w, h
+    except (ValueError, AttributeError):
+        return _DEFAULT_WIDTH, _DEFAULT_HEIGHT
+

 class LiblibImageProvider:
    """Liblib (https://openapi.liblibai.cloud) image generation adapter."""
@@ -83,16 +99,23 @@ class LiblibImageProvider:
        params = self._sign(uri)
        styled_prompt = _apply_style_to_prompt(prompt, style)

-        aspect_ratio = _SIZE_TO_ASPECT_RATIO.get(size, "square")
+        aspect_ratio = _SIZE_TO_ASPECT_RATIO.get(size)
+
+        generate_params: dict = {
+            "prompt": styled_prompt,
+            "imgCount": 1,
+            "steps": 30,
+        }
+        if aspect_ratio:
+            generate_params["aspectRatio"] = aspect_ratio
+        else:
+            # Not a preset ratio — pass explicit imageSize (width/height 512~2048).
+            w, h = _parse_size(size)
+            generate_params["imageSize"] = {"width": w, "height": h}

        body = {
            "templateUuid": self.template_uuid,
-            "generateParams": {
-                "prompt": styled_prompt,
-                "aspectRatio": aspect_ratio,
-                "imgCount": 1,
-                "steps": 30,
-            },
+            "generateParams": generate_params,
        }
        response = self.http_client.post(
            url,
@@ -145,8 +168,10 @@ class LiblibImageProvider:
            if status == 6:  # failed
                raise RuntimeError(f"Liblib generation failed: {result.get('generateMsg', 'unknown')}")

-            if status == 7:  # timeout on Liblib side
-                raise TimeoutError(f"Liblib generation timed out on server side: {job['job_id']}")
+            # Status 7 is not listed in the official LibLib API docs (1-6 only).
+            # Treat any undocumented non-terminal status defensively as a failure.
+            if status == 7:
+                raise TimeoutError(f"Liblib returned undocumented status 7 for {job['job_id']}")

            logger.debug(
                "Liblib poll attempt %d/%d, status=%s, job=%s",
--- a/docs/todo/various.md
+++ b/docs/todo/various.md
@@ -0,0 +1,10 @@
+.env 中硬编码了密钥
+.env 文件中直接写入了 TENCENT_COS_SECRET_ID 和 TENCENT_COS_SECRET_KEY：
+
+TENCENT_COS_SECRET_ID=AKIDa2ILCwUr56uVt31oU0JOHxPfGhvvkLiq
+TENCENT_COS_SECRET_KEY=xiFbjlZ9XheS2NWYLvHRPAh2A5nGYcR2
+官方文档强调"建议使用子账号密钥，授权遵循最小权限指引"。请确认：
+
+这是否为子账号密钥（而非主账号密钥）
+该密钥权限是否已限定为最小范围（只有 cos:PutObject 和 cos:GetObject 权限，仅限目标 bucket）
+.env 是否已加入 .gitignore（防止密钥泄露到 git 仓库）