fix(backend): F1-5b A6 ETL 连接显式 client_encoding=UTF8 防御 GBK (W1)

Windows GBK 环境下 psycopg2/libpq 在拼接连接字符串时,会读取系统用户名 / 计算机名,若含中文(0xd6 是 GBK 首字节)会触发 UnicodeDecodeError。admin_db_health.py:105-115 已用显式 DSN + PGCLIENTENCODING 修过,但 database.py 中的 4 个 connect 函数遗漏。变更: - apps/backend/app/database.py - 新增 _CONN_KWARGS = {**_KEEPALIVE_KWARGS, "client_encoding": "UTF8"} - 4 处 psycopg2.connect 调用从 **_KEEPALIVE_KWARGS 改为 **_CONN_KWARGS: * get_connection(zqyy_app 业务库) * get_etl_global_readonly_connection(ETL 全局只读) * get_etl_readonly_connection(ETL RLS 只读) * get_etl_write_connection(ETL 可写) 业务影响: - 影响 75+ 调用点(grep 统计),Windows GBK 环境下未来出现 UnicodeDecodeError 概率大幅降低 - Linux UTF-8 环境无影响 - ETL RLS / FDW 链路无逻辑变化(client_encoding 是协议层) 验证: - 后端 reload + /health 200 OK - /api/admin/db-health 测试库 connected(test_zqyy_app + test_etl_feiqiu) - BE-3 / T3 unit test 5/5 PASS,间接证明 ETL 连接链路无破坏 §3.3 标"sandbox 无关",4b 跳过(client_encoding 是协议层,与 sandbox 业务时钟无关)。未加 feature flag ETL_FORCE_UTF8(§8.3 兜底建议):client_encoding=UTF8 是 PostgreSQL 默认安全设置,无需 flag 控制。若未来出现特殊业务字段含非 UTF-8 字节再考虑加 flag。审计:docs/audit/changes/2026-05-05__wave1_f1_5b_a6_etl_conn_utf8.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 22:11:43 +08:00
parent 6df02f8efe
commit 16c6fb0d3b
2 changed files with 88 additions and 4 deletions
--- a/apps/backend/app/database.py
+++ b/apps/backend/app/database.py
@@ -39,6 +39,15 @@ _KEEPALIVE_KWARGS = {
    "keepalives_count": 3,       # 连续 3 次失败判定断开
 }

+# F1-5b A6: 显式 client_encoding 防御 Windows GBK 环境下 libpq 拼接连接字符串
+# 时混入系统 locale 触发 UnicodeDecodeError(参见 admin_db_health.py 同款修复)。
+# 加此参数后,psycopg2 在握手时明确告知服务器使用 UTF-8 编码,
+# 不再依赖系统/客户端默认 locale。
+_CONN_KWARGS = {
+    **_KEEPALIVE_KWARGS,
+    "client_encoding": "UTF8",
+}
+
 # 连接重试参数：应对 PostgreSQL 瞬时不可用（Tailscale 网络抖动等）
 _CONNECT_MAX_RETRIES = 3
 _CONNECT_RETRY_DELAY = 1.0  # 秒
@@ -80,7 +89,7 @@ def get_connection() -> PgConnection:
        user=DB_USER,
        password=DB_PASSWORD,
        dbname=APP_DB_NAME,
-        **_KEEPALIVE_KWARGS,
+        **_CONN_KWARGS,
    ))

    if should_trace:
@@ -118,7 +127,7 @@ def get_etl_global_readonly_connection() -> PgConnection:
        user=ETL_DB_USER,
        password=ETL_DB_PASSWORD,
        dbname=ETL_DB_NAME,
-        **_KEEPALIVE_KWARGS,
+        **_CONN_KWARGS,
    ))
    try:
        conn.autocommit = False
@@ -154,7 +163,7 @@ def get_etl_readonly_connection(site_id: int | str) -> PgConnection:
        user=ETL_DB_USER,
        password=ETL_DB_PASSWORD,
        dbname=ETL_DB_NAME,
-        **_KEEPALIVE_KWARGS,
+        **_CONN_KWARGS,
    ))
    try:
        conn.autocommit = False
@@ -186,7 +195,7 @@ def get_etl_write_connection() -> PgConnection:
        user=ETL_DB_USER,
        password=ETL_DB_PASSWORD,
        dbname=ETL_DB_NAME,
-        **_KEEPALIVE_KWARGS,
+        **_CONN_KWARGS,
    ))
    conn.autocommit = False
    return conn