feat: replace str.format with safe_render; add Pydantic validation to webhook route

2025-12-24 10:53:15 +08:00
parent ec58508476
commit 74b8b8e8ed
3 changed files with 34 additions and 7 deletions
@@ -3,6 +3,7 @@ import asyncio
 import re
 from app.db import SessionLocal, ProcessingRule, RuleAction, Target, NotificationChannel, MessageTemplate
 from app.logging import get_logger
+from app.templates import safe_render

 logger = get_logger("engine")

@@ -100,7 +101,8 @@ class RuleEngine:
                                            render_context = self._flatten_payload(payload)
                                            render_context.update(current_context["vars"])
                                            
-                                            msg = template_content.format(**render_context)
+                                            # Use safe Jinja2 rendering (supports legacy {var} by conversion)
+                                            msg = safe_render(template_content, render_context)
                                            
                                            c_dict = {"channel": action.channel.channel_type, "url": action.channel.webhook_url}
                                            tasks.append(self._exec_notify(c_dict, msg))