Review Summary by Qodo
Add notification sending system with scheduled retry mechanism
Walkthroughs
Description
• Add notification sending and retry mechanism with scheduled tasks
• Create new notification record tracking entity and service layer
• Integrate notification creation into doctor appointment workflow
• Update database configuration credentials for local development
Diagram
flowchart LR
A["Doctor Appointment<br/>YishengyuyueController"] -->|"creates notifications"| B["Notification Entity<br/>JiuzhentongzhiEntity"]
A -->|"creates send records"| C["Send Record Entity<br/>TongzhifasongEntity"]
D["Scheduled Task<br/>NotificationScheduleTask"] -->|"retries failed"| E["Service Layer<br/>TongzhifasongService"]
E -->|"updates status"| C
F["REST API<br/>TongzhifasongController"] -->|"manages records"| C
File Changes
1. server_code/src/main/java/com/cl/SpringbootSchemaApplication.java
Code Review by Qodo
1. Build artifacts committed
|
| spring: | ||
| datasource: | ||
| driverClassName: com.mysql.cj.jdbc.Driver | ||
| url: jdbc:mysql://127.0.0.1:3306/cl515882190?useUnicode=true&characterEncoding=utf-8&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=GMT%2B8&useSSL=false | ||
| url: jdbc:mysql://127.0.0.1:3306/cl515882190?useUnicode=true&characterEncoding=utf-8&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=GMT%2B8&useSSL=false&allowPublicKeyRetrieval=true&useSSL=false | ||
| username: root | ||
| password: 202911 | ||
| password: 123456 | ||
|
|
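Review bot: The longer `url` line adds `allowPublicKeyRetrieval=true` while keeping `useSSL=false`, which now appears twice in the query string. With TLS off, public-key retrieval lets whoever answers on the connection supply the RSA key used to protect the password exchange, so the pairing is only tolerable on a loopback address like the `127.0.0.1` shown here. Drop the duplicated `useSSL=false`, and keep this URL in a local-only profile so the setting cannot follow the file to a networked database.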
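1. Build artifacts committed 🐞 Bug ⛯ Reliability
Compiled output and resource files under server_code/target/classes were committed to the repository. This leads to duplicated or stale resources and repository bloat, and it bakes runtime configuration (including the database password) into git history. They should be removed from version control and excluded via .gitignore.
Agent Prompt
## Issue description
Build artifacts under `server_code/target/` were committed to the repository (including the copied `application.yml`, mapper XML, static resources, etc.). This leads to duplicated or stale resources and repository bloat, and bakes runtime configuration and passwords into git history.
## Issue Context
Build artifacts should be generated by the build pipeline and should not be placed under version control; otherwise it is easy to end up in the confusing situation where the source has changed but the application still reads stale resources from target.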
## Fix Focus Areas
- server_code/target/classes/application.yml[1-53]
- server_code/target/classes/mapper/TongzhifasongDao.xml[1-32]
| spring: | ||
| datasource: | ||
| driverClassName: com.mysql.cj.jdbc.Driver | ||
| url: jdbc:mysql://127.0.0.1:3306/cl515882190?useUnicode=true&characterEncoding=utf-8&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=GMT%2B8&useSSL=false | ||
| url: jdbc:mysql://127.0.0.1:3306/cl515882190?useUnicode=true&characterEncoding=utf-8&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=GMT%2B8&useSSL=false&allowPublicKeyRetrieval=true&useSSL=false | ||
| username: root | ||
| password: 202911 | ||
| password: 123456 | ||
|
|
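Review bot: Both `password` lines are literal values and `username` stays `root`, so the change swaps one committed secret for another instead of removing it. Resolve the value from the environment with a Spring placeholder such as `password: ${DB_PASSWORD}` (the variable name is a suggestion), connect as an account limited to the `cl515882190` schema rather than `root`, and rotate both passwords shown here since they are already in the diff.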
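2. Hard-coded database password 🐞 Bug ⛨ Security
A plaintext database password was committed in application.yml (and also appears in target/classes), which is both a sensitive-information leak and an environment-coupling problem. It should be moved to environment variables or external configuration and purged from the repository and its history.
Agent Prompt
## Issue description
`application.yml` contains a plaintext database password, which was also committed to the repository after being copied to `target/classes`, constituting a credential leak.
## Issue Context
Spring Boot supports overriding configuration through environment variables or profiles. Passwords should not enter the code repository or version-controlled build artifacts.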
## Fix Focus Areas
- server_code/src/main/resources/application.yml[10-16]
- server_code/target/classes/application.yml[10-16]
| public void retryFailedNotifications() { | ||
| EntityWrapper<TongzhifasongEntity> wrapper = new EntityWrapper<>(); | ||
| wrapper.eq("fasongzhuangtai", "发送失败"); | ||
| wrapper.lt("chongshicishu", 5); | ||
|
|
||
| List<TongzhifasongEntity> failedList = this.selectList(wrapper); | ||
|
|
||
| for (TongzhifasongEntity record : failedList) { | ||
| try { | ||
| boolean success = sendNotification(record); | ||
| if (success) { | ||
| record.setFasongzhuangtai("发送成功"); | ||
| record.setShibaiyuanyin(null); | ||
| } else { | ||
| record.setChongshicishu(record.getChongshicishu() + 1); | ||
| record.setChongshishijian(new Date()); | ||
| } | ||
| this.updateById(record); | ||
| } catch (Exception e) { | ||
| record.setChongshicishu(record.getChongshicishu() + 1); | ||
| record.setChongshishijian(new Date()); | ||
| record.setShibaiyuanyin(e.getMessage()); | ||
| this.updateById(record); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| private boolean sendNotification(TongzhifasongEntity record) { | ||
| try { | ||
| Thread.sleep(100); | ||
| return true; | ||
| } catch (Exception e) { | ||
| return false; | ||
| } | ||
| } |
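Review bot: In the `catch` branch of the loop, `this.updateById(record)` runs unguarded, so a persistence error on one record propagates out of `retryFailedNotifications()` and the rest of `failedList` is skipped for that run. Guard the bookkeeping update so one bad row cannot stall the batch, and log the exception rather than only storing `e.getMessage()`, which can be null. A record that reaches `chongshicishu` 5 also stays in "发送失败" with no terminal status, so exhausted records cannot be told apart from pending ones, and `sendNotification()` catches `Exception` around `Thread.sleep`, which swallows `InterruptedException` without restoring the interrupt flag.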
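3. Retry logic is a placeholder implementation 🐞 Bug ✓ Correctness
The sendNotification() used for retries merely calls Thread.sleep(100) and returns true, so records marked “发送失败” (send failed) are unconditionally marked “发送成功” (send succeeded) on retry, and each record blocks the scheduler thread, causing incorrect state and performance problems.
Agent Prompt
## Issue description
The current `sendNotification()` is a placeholder implementation: it sleeps and then returns true, so a retry incorrectly marks failed records as successful, and each record blocks the scheduler thread.
## Issue Context
`retryFailedNotifications()` queries records with `fasongzhuangtai="发送失败"` and `chongshicishu < 5` and retries them. If the send logic is not real or always returns success, it directly undermines the trustworthiness of the send status.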
## Fix Focus Areas
- server_code/src/main/java/com/cl/service/impl/TongzhifasongServiceImpl.java[52-86]
| public R save(@RequestBody YishengyuyueEntity yishengyuyue, HttpServletRequest request){ | ||
| //ValidatorUtils.validateEntity(yishengyuyue); | ||
| yishengyuyueService.insert(yishengyuyue); | ||
| createNotifications(yishengyuyue); | ||
| return R.ok(); | ||
| } | ||
|
|
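Review bot: `ValidatorUtils.validateEntity(yishengyuyue)` is commented out at the top of `save`, so the `@RequestBody` entity is inserted and handed to `createNotifications` with no server-side validation. Because the entity is bound straight from the request, a client can set any of its fields; re-enable validation, or bind to a request DTO that carries only the fields a caller may supply, before the insert.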
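4. Appointment write lacks a transaction and statuses are inconsistent 🐞 Bug ⛯ Reliability
After a doctor appointment is saved, the visit notification and send record are created, but save/add are not transactional, so a failure of any insert leaves dirty data in which the appointment, notification and send record are only partially written. In addition, the send record is created directly with “发送成功” (send succeeded), which is inconsistent with the retry logic (which only processes “发送失败”, send failed), so the retry mechanism never applies to these records.
Agent Prompt
## Issue description
Notifications and send records are written after the appointment is created without a transaction, and the send record's initial status is set to “发送成功”, which conflicts with the later retry logic that filters on “发送失败”.
## Issue Context
`save/add` first calls `yishengyuyueService.insert` and then performs the multiple inserts in `createNotifications()`. A failure at any step results in a partial write.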
## Fix Focus Areas
- server_code/src/main/java/com/cl/controller/YishengyuyueController.java[155-202]
- server_code/src/main/java/com/cl/service/impl/TongzhifasongServiceImpl.java[52-56]
| @RequestMapping("/page") | ||
| public R page(@RequestParam Map<String, Object> params,TongzhifasongEntity tongzhifasong, | ||
| HttpServletRequest request){ | ||
| String tableName = request.getSession().getAttribute("tableName").toString(); | ||
| EntityWrapper<TongzhifasongEntity> ew = new EntityWrapper<TongzhifasongEntity>(); | ||
|
|
||
| PageUtils page = tongzhifasongService.queryPage(params, MPUtil.sort(MPUtil.between(MPUtil.likeOrEq(ew, tongzhifasong), params), params)); | ||
| return R.ok().put("data", page); | ||
| } |
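Review bot: `request.getSession().getAttribute("tableName").toString()` throws a NullPointerException when the session has no `tableName` attribute, and the resulting `tableName` is never used in the query. Null-check it and reject the request, then add the caller's identity as a condition on `ew` before calling `queryPage`. The raw `params` map also flows into `MPUtil.between` and `MPUtil.sort`; confirm those helpers restrict column names and sort order to a fixed set rather than passing client-supplied strings into the SQL.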
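5. Send records lack data isolation 🐞 Bug ⛨ Security
TongzhifasongController's /page reads tableName from the session but does not filter data by role/user, so any logged-in user can query all send records (including phone numbers, etc.). It also exposes /retry to trigger retries without any role restriction, creating a risk of unauthorized triggering of the background task.
Agent Prompt
## Issue description
The Tongzhifasong query and retry-trigger endpoints lack per-user/per-role data isolation and permission restrictions, which may lead to PII leakage and unauthorized triggering of the retry task.
## Issue Context
Some resources in the same project (such as `JiuzhentongzhiController.page`) filter based on the session's `tableName/username`, but `TongzhifasongController.page` does no filtering at all.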
## Fix Focus Areas
- server_code/src/main/java/com/cl/controller/TongzhifasongController.java[44-52]
- server_code/src/main/java/com/cl/controller/TongzhifasongController.java[126-131]
- server_code/src/main/java/com/cl/controller/JiuzhentongzhiController.java[62-72]
No description provided.