2f61ad7f1a
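- Project-level skill: .claude/skills/code-review/ (398-line SKILL.md + reference files)
- Automatic trigger: a review runs automatically after the AI modifies .py/.cbl/.cpy/.lark files
- CLAUDE.md: defines the trigger rules, review flow, and severity levels
- .code-review.yaml: tier=standard, high-risk module configuration

Effect: works right after clone; every code change is reviewed automatically, keeping low-quality code out of the repository.

Co-Authored-By: Claude <noreply@anthropic.com>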
1.8 KiB
Python FastAPI Review Checklist
Extends the generic checklist with FastAPI-specific items.
Interface Layer (FastAPI Routes)
- Pydantic models used for request/response schemas
- Pydantic validators (@validator, @field_validator) for custom logic
- response_model specified on all endpoints
- Query/Path parameters have title, description, examples
- status_code set explicitly on non-200 responses
- Dependency injection used for shared logic (auth, DB session)
Business Layer
- Business logic separated from route handlers
- Depends(get_db) pattern for database session management
- Background tasks (BackgroundTasks) used for non-blocking operations
Data Layer (SQLAlchemy / asyncpg)
- SQLAlchemy: session management via dependency injection
- SQLAlchemy: selectinload() / joinedload() for eager loading
- SQLAlchemy async: proper async session usage (AsyncSession)
- Raw SQL: always parameterized, never f-string interpolation
Error Handling
- Custom exception handlers registered (@app.exception_handler)
- HTTPException with appropriate status codes
- Validation errors return structured response (Pydantic error format)
- Unhandled exceptions caught by global handler
Security
- CORSMiddleware with specific origins, not allow_origins=["*"]
- OAuth2 / JWT integration via FastAPI security utilities
- Security() or Depends() for auth checks (not manual header parsing)
- Rate limiting middleware (e.g., slowapi)
- Secrets loaded from environment or secret manager
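
Two items above, "Raw SQL: always parameterized, never f-string interpolation" and "CORSMiddleware with specific origins", can be checked mechanically before a human reads the change. The sketch below is an added example, not part of this repository's skill; the sample route code and the set of SQL sink names are assumptions.

```python
import ast

# Constructed sample of route code under review (not from the project).
SAMPLE = '''
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from sqlalchemy import text

app = FastAPI()
app.add_middleware(CORSMiddleware, allow_origins=["*"])

async def get_user(db, user_id: str):
    bad = await db.execute(text(f"SELECT * FROM users WHERE id = '{user_id}'"))
    ok = await db.execute(text("SELECT * FROM users WHERE id = :id"), {"id": user_id})
    return bad, ok
'''

# Assumed names of calls whose first argument is a SQL string.
SQL_SINKS = {"execute", "text", "fetch", "fetchrow"}


def _call_name(node: ast.Call) -> str:
    """Return the bare name of the called function or method."""
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else ""


def _interpolated(arg: ast.AST) -> bool:
    """True for an f-string that actually embeds an expression."""
    return isinstance(arg, ast.JoinedStr) and any(
        isinstance(v, ast.FormattedValue) for v in arg.values)


def review(source: str) -> list[tuple[int, str]]:
    """Return sorted (line, rule) findings for the two checklist items."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        if _call_name(node) in SQL_SINKS and node.args and _interpolated(node.args[0]):
            findings.add((node.lineno, "sql-fstring"))
        for kw in node.keywords:
            if kw.arg == "allow_origins" and isinstance(kw.value, (ast.List, ast.Tuple)):
                if any(isinstance(e, ast.Constant) and e.value == "*"
                       for e in kw.value.elts):
                    findings.add((node.lineno, "cors-wildcard"))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule in review(SAMPLE):
        print(f"line {line}: {rule}")
```

The check is syntactic only: SQL assembled with `+`, `%` or `.format()` and origins read from a variable are not flagged and still need manual review.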
Performance
- Async endpoints (async def) where I/O-bound
- httpx.AsyncClient with connection pooling for external API calls
- Response compression middleware (GZipMiddleware)
- Database connection pool size tuned