fix(go): guard four nil-pointer dereferences causing runtime panics (#15815)

### What problem does this PR solve?

Fixes four Go paths that dereference a pointer with no prior nil check,
each
causing a **runtime panic**. Closes #15814.

| # | File | Bug | Fix |
|---|------|-----|-----|
| 1 | `internal/entity/models/deepseek.go` | streaming path runs `switch
*chatModelConfig.Effort` inside `if *Thinking`; panics when
`Thinking=true` and `Effort==nil` | nil-check with default `"high"`,
matching the non-streaming path in the same file |
| 2 | `internal/entity/models/volcengine.go` | identical oversight:
`switch *modelConfig.Effort` with no guard | nil-check with default
`"medium"`, matching its non-streaming path |
| 3 | `internal/handler/auth.go` | `AuthMiddleware` does `if
*user.IsSuperuser`; panics on every authenticated request when the DB
column is `NULL` | guard with `user.IsSuperuser != nil &&`, matching
every other call site (`admin/handler.go`, `admin/service.go`,
`user.go`) |
| 4 | `internal/service/heartbeat_sender.go` |
`responseBody["code"].(float64)` panics on any non-200 response lacking
a numeric `code`; the upstream `recover()` calls `Fatal()` →
`os.Exit(1)`, taking down the whole server | comma-ok assertion (`code,
ok := ...`); return an error instead of panicking |

- [x] Bug Fix (non-breaking change which fixes an issue)
This commit is contained in:
JPette1783
2026-06-09 05:29:25 -06:00
committed by GitHub
parent d4fe3bb148
commit acae932938
2 changed files with 6 additions and 2 deletions

View File

@@ -66,7 +66,7 @@ func (h *AuthHandler) AuthMiddleware() gin.HandlerFunc {
}
}
if *user.IsSuperuser {
if user.IsSuperuser != nil && *user.IsSuperuser {
c.JSON(http.StatusForbidden, gin.H{
"code": common.CodeForbidden,
"message": "Super user shouldn't access the URL",

View File

@@ -126,7 +126,11 @@ func (h *HeartbeatSender) SendHeartbeat() error {
if err != nil {
return err
}
responseCode := common.ErrorCode(responseBody["code"].(float64))
code, ok := responseBody["code"].(float64)
if !ok {
return fmt.Errorf("unexpected heartbeat response (status %d): missing or non-numeric \"code\" field", resp.StatusCode)
}
responseCode := common.ErrorCode(code)
if responseCode != common.CodeLicenseValid {
return errors.New(responseCode.Message())
}