refactor: 简化 IP 获取逻辑并将请求体超时配置化

- 移除 TRUSTED_PROXY_COUNT 配置，改为优先使用 X-Real-IP 头 - 添加 REQUEST_BODY_TIMEOUT 环境变量，默认 60 秒 - 统一 get_client_ip 逻辑，优先级：X-Real-IP > X-Forwarded-For > 直连 IP
2026-01-10 03:32:26 +08:00 · 2026-01-06 16:29:03 +08:00
parent 28209e1c2a
commit 2395093394
5 changed files with 49 additions and 75 deletions
--- a/src/api/base/context.py
+++ b/src/api/base/context.py
@@ -11,6 +11,7 @@ from sqlalchemy.orm import Session

 from src.core.logger import logger
 from src.models.database import ApiKey, User
+from src.utils.request_utils import get_client_ip



@@ -86,7 +87,7 @@ class ApiRequestContext:
        setattr(request.state, "request_id", request_id)

        start_time = time.time()
-        client_ip = request.client.host if request.client else "unknown"
+        client_ip = get_client_ip(request)
        user_agent = request.headers.get("user-agent", "unknown")

        context = cls(
--- a/src/api/base/pipeline.py
+++ b/src/api/base/pipeline.py
@@ -7,6 +7,7 @@ from typing import Any, Optional, Tuple
 from fastapi import HTTPException, Request
 from sqlalchemy.orm import Session

+from src.config.settings import config
 from src.core.exceptions import QuotaExceededException
 from src.core.logger import logger
 from src.models.database import ApiKey, AuditEventType, User, UserRole
@@ -64,13 +65,17 @@ class ApiRequestPipeline:
            try:
                import asyncio

-                # 添加30秒超时防止卡死
-                raw_body = await asyncio.wait_for(http_request.body(), timeout=30.0)
+                # 添加超时防止卡死
+                raw_body = await asyncio.wait_for(
+                    http_request.body(), timeout=config.request_body_timeout
+                )
                logger.debug(f"[Pipeline] Raw body读取完成 | size={len(raw_body) if raw_body is not None else 0} bytes")
            except asyncio.TimeoutError:
-                logger.error("读取请求体超时(30s),可能客户端未发送完整请求体")
+                timeout_sec = int(config.request_body_timeout)
+                logger.error(f"读取请求体超时({timeout_sec}s),可能客户端未发送完整请求体")
                raise HTTPException(
-                    status_code=408, detail="Request timeout: body not received within 30 seconds"
+                    status_code=408,
+                    detail=f"Request timeout: body not received within {timeout_sec} seconds",
                )
        else:
            logger.debug(f"[Pipeline] 非写请求跳过读取Body | method={http_request.method}")