增加浏览量数据，与原创勾选

db_utils.py

@@ -359,6 +359,204 @@ def paginate(
     }
 
 
+# ==========================================
+# 👁️ 访问量记录工具函数
+# ==========================================
+
+def record_view(data_file: str, item_id: str, user_account: str) -> Optional[Dict]:
+    """
+    记录访问量（原子操作，并发安全）
+    
+    参数：
+        data_file: JSON 文件名（如 Items.json）
+        item_id: 要记录访问的 item/task ID
+        user_account: 访问用户账号
+    
+    返回：
+        {"views": N, "daily_views": N} 成功
+        None 记录不存在
+    
+    逻辑：
+        - 初始化字段: views=0, viewed_by=[], daily_views=0, daily_views_date=""
+        - daily_views 每次调用都增加
+        - views 只在用户首次访问时增加（user_account 不在 viewed_by 中）
+        - 如果 daily_views_date 不是今天，重置 daily_views=0 并更新日期
+    
+    并发安全：
+        - 使用 atomic_update 确保读-改-写在同一把锁内完成
+        - 高并发下不会丢失访问量
+    """
+    from datetime import date
+    
+    # 用于在闭包中存储结果
+    result_container = [None]
+    
+    def updater(data):
+        # 查找目标记录
+        target_item = None
+        
+        if isinstance(data, dict):
+            if item_id in data:
+                target_item = data[item_id]
+        else:
+            for item in data:
+                if item.get("id") == item_id:
+                    target_item = item
+                    break
+        
+        if target_item is None:
+            result_container[0] = None
+            return
+        
+        # 初始化字段（如果不存在）
+        if "views" not in target_item:
+            target_item["views"] = 0
+        if "viewed_by" not in target_item:
+            target_item["viewed_by"] = []
+        if "daily_views" not in target_item:
+            target_item["daily_views"] = 0
+        if "daily_views_date" not in target_item:
+            target_item["daily_views_date"] = ""
+        
+        # 获取今天的日期字符串
+        today_str = date.today().isoformat()  # "2026-04-02"
+        
+        # 检查是否需要重置日访问量
+        if target_item["daily_views_date"] != today_str:
+            target_item["daily_views"] = 0
+            target_item["daily_views_date"] = today_str
+        
+        # 增加日访问量（每次调用都增加）
+        target_item["daily_views"] += 1
+        
+        # 检查用户是否已访问过
+        if user_account not in target_item["viewed_by"]:
+            target_item["viewed_by"].append(user_account)
+            target_item["views"] += 1
+        
+        # 保存结果到闭包容器
+        result_container[0] = {
+            "views": target_item["views"],
+            "daily_views": target_item["daily_views"]
+        }
+    
+    # 使用原子更新，整个读-改-写过程在同一把锁内完成
+    db.atomic_update(data_file, updater, default_data=[])
+    
+    return result_container[0]
+
+
+# ==========================================
+# 🗂️ 排序结果缓存工具类
+# ==========================================
+
+import time
+from typing import Callable, List, Dict, Any
+
+class SortCache:
+    """
+    排序结果缓存类 - 用于缓存列表排序结果，减少重复排序开销
+    
+    设计原则：
+    1. 缓存排序后的 ID 顺序，而非完整数据，避免内存浪费
+    2. 使用 TTL (默认5分钟) 自动过期，确保数据新鲜度
+    3. 写操作时清除相关缓存，确保数据一致性
+    4. 在 load_data 返回的最新数据之上应用缓存的顺序
+    
+    使用示例：
+        # 在列表接口中
+        def get_items(sort="time"):
+            items = db.load_data("items.json", default_data=[])
+            cache_key = f"items:{sort}"
+            
+            def sort_fn(data):
+                if sort == "likes":
+                    data.sort(key=lambda x: x.get("likes", 0), reverse=True)
+                else:
+                    data.sort(key=lambda x: x.get("created_at", 0), reverse=True)
+            
+            return sort_cache.get_sorted(cache_key, items, sort_fn)
+        
+        # 在写操作后
+        def create_item(...):
+            ...
+            sort_cache.invalidate("items")
+    """
+    
+    def __init__(self, ttl: int = 300):
+        """
+        初始化排序缓存
+        
+        参数：
+            ttl: 缓存过期时间（秒），默认 300 秒（5分钟）
+        """
+        self._cache: Dict[str, tuple] = {}  # {cache_key: (sorted_ids, timestamp)}
+        self._ttl = ttl
+    
+    def get_sorted(self, cache_key: str, items: List[Dict], sort_fn: Callable[[List[Dict]], None]) -> List[Dict]:
+        """
+        获取排序后的数据（带缓存）
+        
+        参数：
+            cache_key: 缓存键，应包含数据文件和排序参数
+            items: 原始数据列表（来自 load_data 的最新数据）
+            sort_fn: 排序函数，接收 items 列表并原地排序
+        
+        返回：
+            排序后的 items 列表
+        """
+        now = time.time()
+        
+        # 检查缓存是否有效
+        if cache_key in self._cache:
+            sorted_ids, cached_time = self._cache[cache_key]
+            if now - cached_time < self._ttl:
+                # 缓存有效，用缓存的顺序重排当前数据
+                id_order = {id_: idx for idx, id_ in enumerate(sorted_ids)}
+                # 按缓存的顺序排序，新数据（不在缓存中的）放在最后
+                return sorted(items, key=lambda x: id_order.get(x.get("id"), float('inf')))
+        
+        # 缓存无效或不存在，执行排序
+        sort_fn(items)
+        
+        # 缓存排序后的 ID 列表
+        sorted_ids = [item.get("id") for item in items]
+        self._cache[cache_key] = (sorted_ids, now)
+        
+        return items
+    
+    def invalidate(self, prefix: str = ""):
+        """
+        清除缓存
+        
+        参数：
+            prefix: 缓存键前缀，如果指定则只清除匹配的缓存，否则清除所有缓存
+        """
+        if prefix:
+            keys_to_remove = [k for k in self._cache if k.startswith(prefix)]
+            for k in keys_to_remove:
+                del self._cache[k]
+        else:
+            self._cache.clear()
+    
+    def get_stats(self) -> Dict[str, Any]:
+        """
+        获取缓存统计信息（用于调试）
+        """
+        now = time.time()
+        valid_count = sum(1 for _, ts in self._cache.values() if now - ts < self._ttl)
+        return {
+            "total_cached": len(self._cache),
+            "valid": valid_count,
+            "expired": len(self._cache) - valid_count,
+            "ttl": self._ttl
+        }
+
+
+# 全局排序缓存实例（TTL 5分钟）
+sort_cache = SortCache(ttl=300)
+
+
 # ==========================================
 # 🔄 批量操作工具函数
 # ==========================================

models.py

@@ -65,6 +65,7 @@ class ItemCreate(BaseModel):
     github_token: Optional[str] = None
     netdisk_password: Optional[str] = None  # ☁️ 网盘提取码（加密存储，购买后解密）
     is_netdisk: Optional[bool] = False      # ☁️ 是否为网盘资源
+    is_original: Optional[bool] = False     # 🎨 是否为原创作品
 
 class ItemUpdate(BaseModel):
     title: Optional[str] = None
@@ -77,6 +78,7 @@ class ItemUpdate(BaseModel):
     github_token: Optional[str] = None
     netdisk_password: Optional[str] = None  # ☁️ 网盘提取码
     is_netdisk: Optional[bool] = None       # ☁️ 是否为网盘资源
+    is_original: Optional[bool] = None      # 🎨 是否为原创作品
 
 class FollowToggle(BaseModel):
     user_id: str
@@ -211,10 +213,12 @@ class PostCreate(BaseModel):
     cover_image: str                        # 封面图（第一张）
     images: Optional[List[str]] = []       # 图片列表（最多9张）
     author: str                             # 作者账号
+    is_original: Optional[bool] = False     # 🎨 是否为原创作品
 
 class PostUpdate(BaseModel):
     """ 更新帖子 """
     title: Optional[str] = None
     content: Optional[str] = None
     cover_image: Optional[str] = None
-    images: Optional[List[str]] = None
+    images: Optional[List[str]] = None
+    is_original: Optional[bool] = None      # 🎨 是否为原创作品

router_comments.py

@@ -77,6 +77,7 @@ async def soft_delete_comment(item_id: str, comment_id: str, account: str = Depe
     items_db = db.load_data("items.json", default_data=[])
     posts_db = db.load_data("posts.json", default_data=[])
     users_db = db.load_data("users.json", default_data={})
+    tasks_db = db.load_data("tasks.json", default_data=[])
     
     item_comments = comments_db.get(item_id, [])
     target_comment = None
@@ -112,6 +113,12 @@ async def soft_delete_comment(item_id: str, comment_id: str, account: str = Depe
             if item["id"] == item_id and item.get("author") == account:
                 is_content_author = True
                 break
+    # 任务发布者
+    if not is_content_author:
+        for task in tasks_db:
+            if task["id"] == item_id and task.get("publisher") == account:
+                is_content_author = True
+                break
     # 检查是否为个人主页留言板作者
     if not is_content_author:
         if item_id in users_db and item_id == account:

router_items.py

@@ -11,6 +11,7 @@ import 数据库连接 as db
 from models import ItemCreate, ItemUpdate
 from 安全认证 import require_auth, check_ownership
 from 数据库连接 import invalidate_cache
+from db_utils import record_view, sort_cache
 
 router = APIRouter()
 
@@ -26,6 +27,9 @@ def get_last_6_months():
         res.append(f"{y}-{m:02d}")
     return res
 
+# 数据文件标识，用于排序缓存
+data_file = "items.json"
+
 @router.get("/api/items")
 async def get_items(type: str = "tool", sort: str = "time", limit: int = 50): # 优化：默认限制调大至 50，提升前端列表体验
     items_db = db.load_data("items.json", default_data=[])
@@ -37,6 +41,28 @@ async def get_items(type: str = "tool", sort: str = "time", limit: int = 50): #
         filtered_items = [item for item in items_db if item.get("type", "").startswith("recommend")]
     else:
         filtered_items = [item for item in items_db if item.get("type") == type]
+    
+    # 🗂️ 使用排序缓存优化排序性能
+    cache_key = f"items:{type}:{sort}"
+    
+    def sort_fn(data):
+        if sort == "likes":
+            data.sort(key=lambda x: x.get("likes", 0), reverse=True)
+        elif sort == "favorites":
+            data.sort(key=lambda x: x.get("favorites", 0), reverse=True)
+        elif sort == "downloads":
+            data.sort(key=lambda x: x.get("uses", 0), reverse=True)
+        elif sort == "tips": # 🚀 按近期打赏排序
+            current_month = datetime.date.today().strftime("%Y-%m")
+            data.sort(key=lambda x: x.get("tip_history", {}).get(current_month, 0), reverse=True)
+        elif sort == "views": # 👁️ 按总访问量排序
+            data.sort(key=lambda x: x.get("views", 0), reverse=True)
+        elif sort == "daily_views": # 👁️ 按日访问量排序
+            data.sort(key=lambda x: x.get("daily_views", 0), reverse=True)
+        else: # time 或其他默认
+            data.sort(key=lambda x: x.get("created_at", 0), reverse=True)
+    
+    filtered_items = sort_cache.get_sorted(cache_key, filtered_items, sort_fn)
         
     for item in filtered_items:
         item["commentsData"] = comments_db.get(item["id"], [])
@@ -46,14 +72,7 @@ async def get_items(type: str = "tool", sort: str = "time", limit: int = 50): #
         # 🔴 【绝对核心防线】：在下发给前端前，强行在内存中抹除敏感信息！
         item.pop("github_token", None)
         item.pop("netdisk_password", None)  # ☁️ 网盘密码不在列表中显示
-        
-    if sort == "likes": filtered_items.sort(key=lambda x: x.get("likes", 0), reverse=True)
-    elif sort == "favorites": filtered_items.sort(key=lambda x: x.get("favorites", 0), reverse=True)
-    elif sort == "downloads": filtered_items.sort(key=lambda x: x.get("uses", 0), reverse=True)
-    elif sort == "tips": # 🚀 新增：按近期打赏排序
-        current_month = datetime.date.today().strftime("%Y-%m")
-        filtered_items.sort(key=lambda x: x.get("tip_history", {}).get(current_month, 0), reverse=True)
-    else: filtered_items.sort(key=lambda x: x.get("created_at", 0), reverse=True)
+        item.pop("viewed_by", None)  # 👁️ 访问者列表不暴露给前端
     
     return {"status": "success", "data": filtered_items[:limit]}
 
@@ -141,10 +160,13 @@ async def create_item(item: ItemCreate):
         "github_token": item.github_token,
         "netdisk_password": item.netdisk_password,  # ☁️ 网盘密码
         "is_netdisk": item.is_netdisk,              # ☁️ 是否网盘资源
+        "is_original": item.is_original,            # 🎨 是否为原创作品
         "likes": 0, "favorites": 0, "comments": 0, "uses": 0, "use_history": {}, "created_at": int(time.time()), "liked_by": [], "favorited_by": []
     }
     items_db.insert(0, new_item)
     db.save_data("items.json", items_db)
+    # 🗂️ 清除排序缓存
+    sort_cache.invalidate("items:")
     return {"status": "success", "data": new_item}
 
 @router.put("/api/items/{item_id}")
@@ -200,8 +222,11 @@ async def update_item(item_id: str, update_data: ItemUpdate, current_user: str =
             if update_data.github_token is not None: item["github_token"] = update_data.github_token 
             if update_data.netdisk_password is not None: item["netdisk_password"] = update_data.netdisk_password  # ☁️
             if update_data.is_netdisk is not None: item["is_netdisk"] = update_data.is_netdisk  # ☁️
+            if update_data.is_original is not None: item["is_original"] = update_data.is_original  # 🎨
             
             db.save_data("items.json", items_db)
+            # 🗂️ 清除排序缓存
+            sort_cache.invalidate("items:")
             
             result = {"status": "success"}
             if price_change_info:
@@ -313,7 +338,97 @@ async def delete_item(item_id: str, current_user: str = Depends(require_auth)):
             # 3. 清理缓存：使 items.json 和 comments.json 的缓存失效
             invalidate_cache("items.json")
             invalidate_cache("comments.json")
+            # 🗂️ 清除排序缓存
+            sort_cache.invalidate("items:")
             
             return {"status": "success", "message": "内容已删除"}
     
-    raise HTTPException(status_code=404, detail="找不到该内容记录")
+    raise HTTPException(status_code=404, detail="找不到该内容记录")
+
+
+@router.post("/api/items/{item_id}/view")
+async def record_item_view(item_id: str, current_user: str = Depends(require_auth)):
+    """
+    记录资源访问量
+    👁️ 需要用户认证，每个用户只计算一次总访问量，日访问量每次调用都增加
+    """
+    result = record_view("items.json", item_id, current_user)
+    
+    if result is None:
+        raise HTTPException(status_code=404, detail="找不到该内容记录")
+    
+    return {"status": "success", "views": result["views"], "daily_views": result["daily_views"]}
+
+
+# ==========================================
+# ❤️ 互动接口（点赞/收藏）
+# ==========================================
+
+@router.post("/api/items/{item_id}/like")
+async def toggle_item_like(item_id: str, current_user: str = Depends(require_auth)):
+    """
+    点赞/取消点赞（原子操作，并发安全）
+    """
+    result_container = [None]
+    
+    def updater(data):
+        for item in data:
+            if item["id"] == item_id:
+                liked_by = item.get("liked_by", [])
+                if current_user in liked_by:
+                    liked_by.remove(current_user)
+                    item["likes"] = max(0, item.get("likes", 0) - 1)
+                    action = "unliked"
+                else:
+                    liked_by.append(current_user)
+                    item["likes"] = item.get("likes", 0) + 1
+                    action = "liked"
+                item["liked_by"] = liked_by
+                result_container[0] = {"status": "success", "action": action, "likes": item["likes"]}
+                return
+        result_container[0] = None  # 未找到资源
+    
+    db.atomic_update("items.json", updater, default_data=[])
+    
+    if result_container[0] is None:
+        raise HTTPException(status_code=404, detail="资源不存在")
+    
+    # 🗂️ 清除排序缓存（点赞数变化可能影响排序）
+    sort_cache.invalidate("items:")
+    
+    return result_container[0]
+
+
+@router.post("/api/items/{item_id}/favorite")
+async def toggle_item_favorite(item_id: str, current_user: str = Depends(require_auth)):
+    """
+    收藏/取消收藏（原子操作，并发安全）
+    """
+    result_container = [None]
+    
+    def updater(data):
+        for item in data:
+            if item["id"] == item_id:
+                favorited_by = item.get("favorited_by", [])
+                if current_user in favorited_by:
+                    favorited_by.remove(current_user)
+                    item["favorites"] = max(0, item.get("favorites", 0) - 1)
+                    action = "unfavorited"
+                else:
+                    favorited_by.append(current_user)
+                    item["favorites"] = item.get("favorites", 0) + 1
+                    action = "favorited"
+                item["favorited_by"] = favorited_by
+                result_container[0] = {"status": "success", "action": action, "favorites": item["favorites"]}
+                return
+        result_container[0] = None  # 未找到资源
+    
+    db.atomic_update("items.json", updater, default_data=[])
+    
+    if result_container[0] is None:
+        raise HTTPException(status_code=404, detail="资源不存在")
+    
+    # 🗂️ 清除排序缓存（收藏数变化可能影响排序）
+    sort_cache.invalidate("items:")
+    
+    return result_container[0]

router_messages.py

@@ -8,24 +8,10 @@ import os
 import 数据库连接 as db
 from notifications import add_notification
 from models import PrivateMessage
-from 安全认证 import require_auth
+from 安全认证 import require_auth, is_admin
 
 router = APIRouter()
 
-# ==========================================
-# 🔒 P0安全修复：管理员账号从环境变量读取
-# ==========================================
-# 支持多管理员，逗号分隔，如：ADMIN_ACCOUNTS=admin1,admin2,admin3
-ADMIN_ACCOUNTS = set(
-    acc.strip() 
-    for acc in os.environ.get("ADMIN_ACCOUNTS", "").split(",") 
-    if acc.strip()
-)
-
-def is_admin(account: str) -> bool:
-    """检查账号是否为管理员"""
-    return account in ADMIN_ACCOUNTS
-
 # ==========================================
 # 新增：系统公告请求体模型
 # ==========================================

router_posts.py

@@ -9,6 +9,7 @@ from fastapi import APIRouter, HTTPException, Depends
 from models import PostCreate, PostUpdate
 import 数据库连接 as db
 from 安全认证 import require_auth
+from db_utils import record_view, sort_cache
 import time
 import uuid
 
@@ -19,9 +20,14 @@ router = APIRouter()
 # ==========================================
 
 @router.get("/api/posts")
-async def get_posts(page: int = 1, limit: int = 20):
+async def get_posts(page: int = 1, limit: int = 20, sort: str = "latest"):
     """
-    获取帖子列表（分页，按时间倒序）
+    获取帖子列表（分页，支持多种排序方式）
+    - sort=latest: 按创建时间降序（默认）
+    - sort=likes: 按点赞数降序
+    - sort=favorites: 按收藏数降序
+    - sort=views: 按总访问量降序
+    - sort=daily_views: 按日访问量降序
     """
     posts_db = db.load_data("posts.json", default_data=[])
     users_db = db.load_data("users.json", default_data={})
@@ -29,15 +35,29 @@ async def get_posts(page: int = 1, limit: int = 20):
     # users_db 已经是 {account: user_info} 格式，直接使用
     user_map = users_db
     
-    # 按创建时间倒序
-    sorted_posts = sorted(posts_db, key=lambda x: x.get("created_at", 0), reverse=True)
+    # 🗂️ 使用排序缓存优化排序性能
+    cache_key = f"posts:{sort}"
+    
+    def sort_fn(data):
+        if sort == "likes":
+            data.sort(key=lambda x: x.get("likes", 0), reverse=True)
+        elif sort == "favorites":
+            data.sort(key=lambda x: x.get("favorites", 0), reverse=True)
+        elif sort == "views":
+            data.sort(key=lambda x: x.get("views", 0), reverse=True)
+        elif sort == "daily_views":
+            data.sort(key=lambda x: x.get("daily_views", 0), reverse=True)
+        else:  # latest 或其他默认
+            data.sort(key=lambda x: x.get("created_at", 0), reverse=True)
+    
+    sorted_posts = sort_cache.get_sorted(cache_key, posts_db, sort_fn)
     
     # 分页
     start = (page - 1) * limit
     end = start + limit
     paged_posts = sorted_posts[start:end]
     
-    # 附加作者信息
+    # 附加作者信息，并过滤敏感字段
     result = []
     for post in paged_posts:
         author_info = user_map.get(post.get("author"), {})
@@ -46,6 +66,10 @@ async def get_posts(page: int = 1, limit: int = 20):
             "author_name": author_info.get("name", post.get("author")),
             "author_avatar": author_info.get("avatarDataUrl", "")
         }
+        # 过滤敏感字段（列表接口过滤 viewed_by、liked_by、favorited_by）
+        post_data.pop("viewed_by", None)
+        post_data.pop("liked_by", None)
+        post_data.pop("favorited_by", None)
         result.append(post_data)
     
     return {
@@ -69,9 +93,18 @@ async def get_my_posts(current_user: str = Depends(require_auth)):
     # 按创建时间倒序
     my_posts = sorted(my_posts, key=lambda x: x.get("created_at", 0), reverse=True)
     
+    # 过滤敏感字段（列表接口过滤 viewed_by、liked_by、favorited_by）
+    result = []
+    for post in my_posts:
+        post_data = dict(post)
+        post_data.pop("viewed_by", None)
+        post_data.pop("liked_by", None)
+        post_data.pop("favorited_by", None)
+        result.append(post_data)
+    
     return {
         "status": "success",
-        "data": my_posts
+        "data": result
     }
 
 @router.get("/api/posts/{post_id}")
@@ -88,13 +121,16 @@ async def get_post_detail(post_id: str):
     for post in posts_db:
         if post["id"] == post_id:
             author_info = user_map.get(post.get("author"), {})
+            post_data = {
+                **post,
+                "author_name": author_info.get("name", post.get("author")),
+                "author_avatar": author_info.get("avatarDataUrl", "")
+            }
+            # 过滤敏感字段
+            post_data.pop("viewed_by", None)
             return {
                 "status": "success",
-                "data": {
-                    **post,
-                    "author_name": author_info.get("name", post.get("author")),
-                    "author_avatar": author_info.get("avatarDataUrl", "")
-                }
+                "data": post_data
             }
     
     raise HTTPException(status_code=404, detail="帖子不存在")
@@ -117,6 +153,7 @@ async def create_post(post: PostCreate, current_user: str = Depends(require_auth
         "images": images,
         "author": current_user,
         "created_at": int(time.time()),
+        "is_original": post.is_original if post.is_original is not None else False,  # 🎨 原创作品标记
         # 互动数据
         "likes": 0,
         "favorites": 0,
@@ -128,6 +165,8 @@ async def create_post(post: PostCreate, current_user: str = Depends(require_auth
     
     posts_db.insert(0, new_post)
     db.save_data("posts.json", posts_db)
+    # 🗂️ 清除排序缓存
+    sort_cache.invalidate("posts:")
     
     return {"status": "success", "data": new_post}
 
@@ -151,8 +190,12 @@ async def update_post(post_id: str, update_data: PostUpdate, current_user: str =
                 post["cover_image"] = update_data.cover_image
             if update_data.images is not None:
                 post["images"] = update_data.images[:9]
+            if update_data.is_original is not None:
+                post["is_original"] = update_data.is_original  # 🎨 更新原创作品标记
             
             db.save_data("posts.json", posts_db)
+            # 🗂️ 清除排序缓存
+            sort_cache.invalidate("posts:")
             return {"status": "success"}
     
     raise HTTPException(status_code=404, detail="帖子不存在")
@@ -171,6 +214,8 @@ async def delete_post(post_id: str, current_user: str = Depends(require_auth)):
             
             posts_db.pop(i)
             db.save_data("posts.json", posts_db)
+            # 🗂️ 清除排序缓存
+            sort_cache.invalidate("posts:")
             return {"status": "success"}
     
     raise HTTPException(status_code=404, detail="帖子不存在")
@@ -182,56 +227,70 @@ async def delete_post(post_id: str, current_user: str = Depends(require_auth)):
 @router.post("/api/posts/{post_id}/like")
 async def toggle_like(post_id: str, current_user: str = Depends(require_auth)):
     """
-    点赞/取消点赞
+    点赞/取消点赞（原子操作，并发安全）
     """
-    posts_db = db.load_data("posts.json", default_data=[])
+    result_container = [None]
+    
+    def updater(data):
+        for post in data:
+            if post["id"] == post_id:
+                liked_by = post.get("liked_by", [])
+                if current_user in liked_by:
+                    liked_by.remove(current_user)
+                    post["likes"] = max(0, post.get("likes", 0) - 1)
+                    action = "unliked"
+                else:
+                    liked_by.append(current_user)
+                    post["likes"] = post.get("likes", 0) + 1
+                    action = "liked"
+                post["liked_by"] = liked_by
+                result_container[0] = {"status": "success", "action": action, "likes": post["likes"]}
+                return
+        result_container[0] = None  # 未找到帖子
+    
+    db.atomic_update("posts.json", updater, default_data=[])
+    
+    if result_container[0] is None:
+        raise HTTPException(status_code=404, detail="帖子不存在")
     
-    for post in posts_db:
-        if post["id"] == post_id:
-            liked_by = post.get("liked_by", [])
-            
-            if current_user in liked_by:
-                liked_by.remove(current_user)
-                post["likes"] = max(0, post.get("likes", 0) - 1)
-                action = "unliked"
-            else:
-                liked_by.append(current_user)
-                post["likes"] = post.get("likes", 0) + 1
-                action = "liked"
-            
-            post["liked_by"] = liked_by
-            db.save_data("posts.json", posts_db)
-            
-            return {"status": "success", "action": action, "likes": post["likes"]}
+    # 🗂️ 清除排序缓存（点赞数变化可能影响排序）
+    sort_cache.invalidate("posts:")
     
-    raise HTTPException(status_code=404, detail="帖子不存在")
+    return result_container[0]
 
 @router.post("/api/posts/{post_id}/favorite")
 async def toggle_favorite(post_id: str, current_user: str = Depends(require_auth)):
     """
-    收藏/取消收藏
+    收藏/取消收藏（原子操作，并发安全）
     """
-    posts_db = db.load_data("posts.json", default_data=[])
+    result_container = [None]
+    
+    def updater(data):
+        for post in data:
+            if post["id"] == post_id:
+                favorited_by = post.get("favorited_by", [])
+                if current_user in favorited_by:
+                    favorited_by.remove(current_user)
+                    post["favorites"] = max(0, post.get("favorites", 0) - 1)
+                    action = "unfavorited"
+                else:
+                    favorited_by.append(current_user)
+                    post["favorites"] = post.get("favorites", 0) + 1
+                    action = "favorited"
+                post["favorited_by"] = favorited_by
+                result_container[0] = {"status": "success", "action": action, "favorites": post["favorites"]}
+                return
+        result_container[0] = None  # 未找到帖子
+    
+    db.atomic_update("posts.json", updater, default_data=[])
+    
+    if result_container[0] is None:
+        raise HTTPException(status_code=404, detail="帖子不存在")
     
-    for post in posts_db:
-        if post["id"] == post_id:
-            favorited_by = post.get("favorited_by", [])
-            
-            if current_user in favorited_by:
-                favorited_by.remove(current_user)
-                post["favorites"] = max(0, post.get("favorites", 0) - 1)
-                action = "unfavorited"
-            else:
-                favorited_by.append(current_user)
-                post["favorites"] = post.get("favorites", 0) + 1
-                action = "favorited"
-            
-            post["favorited_by"] = favorited_by
-            db.save_data("posts.json", posts_db)
-            
-            return {"status": "success", "action": action, "favorites": post["favorites"]}
+    # 🗂️ 清除排序缓存（收藏数变化可能影响排序）
+    sort_cache.invalidate("posts:")
     
-    raise HTTPException(status_code=404, detail="帖子不存在")
+    return result_container[0]
 
 # ==========================================
 # 🎁 打赏接口
@@ -240,62 +299,78 @@ async def toggle_favorite(post_id: str, current_user: str = Depends(require_auth
 @router.post("/api/posts/{post_id}/tip")
 async def tip_post(post_id: str, amount: int, is_anon: bool = False, current_user: str = Depends(require_auth)):
     """
-    打赏帖子
+    打赏帖子（原子操作，并发安全）
     """
     if amount <= 0:
         raise HTTPException(status_code=400, detail="打赏金额必须大于0")
     
-    posts_db = db.load_data("posts.json", default_data=[])
-    users_db = db.load_data("users.json", default_data={})
-    
-    # 查找帖子
-    target_post = None
-    for post in posts_db:
-        if post["id"] == post_id:
-            target_post = post
-            break
-    
-    if not target_post:
+    result_container = [None]
+    
+    def updater(data):
+        # 在锁内查找帖子
+        target_post = None
+        for post in data:
+            if post["id"] == post_id:
+                target_post = post
+                break
+        
+        if not target_post:
+            result_container[0] = {"error": "not_found"}
+            return
+        
+        # 不能打赏自己
+        if target_post.get("author") == current_user:
+            result_container[0] = {"error": "self_tip"}
+            return
+        
+        # 在锁内操作用户余额
+        users_db = db.load_data("users.json", default_data={})
+        tipper = users_db.get(current_user)
+        if not tipper or tipper.get("balance", 0) < amount:
+            result_container[0] = {"error": "insufficient_balance"}
+            return
+        
+        author_account = target_post.get("author")
+        author = users_db.get(author_account)
+        if not author:
+            result_container[0] = {"error": "author_not_found"}
+            return
+        
+        # 扣款加款
+        tipper["balance"] -= amount
+        author["balance"] += amount
+        
+        # 更新打赏榜单
+        tip_board = target_post.get("tip_board", [])
+        existing = next((t for t in tip_board if t["account"] == current_user), None)
+        if existing:
+            existing["amount"] += amount
+        else:
+            tip_board.append({"account": current_user, "amount": amount, "is_anon": is_anon})
+        tip_board.sort(key=lambda x: x["amount"], reverse=True)
+        target_post["tip_board"] = tip_board
+        
+        # 保存用户数据
+        db.save_data("users.json", users_db)
+        
+        result_container[0] = {"status": "success", "message": f"成功打赏 {amount} 积分"}
+    
+    db.atomic_update("posts.json", updater, default_data=[])
+    
+    # 🗂️ 清除排序缓存（打赏可能影响排序）
+    sort_cache.invalidate("posts:")
+    
+    result = result_container[0]
+    if result is None or result.get("error") == "not_found":
         raise HTTPException(status_code=404, detail="帖子不存在")
-    
-    # 不能打赏自己
-    if target_post.get("author") == current_user:
+    if result.get("error") == "self_tip":
         raise HTTPException(status_code=400, detail="不能打赏自己的帖子")
-    
-    # 检查余额（users_db 是字典格式）
-    tipper = users_db.get(current_user)
-    
-    if not tipper or tipper.get("balance", 0) < amount:
+    if result.get("error") == "insufficient_balance":
         raise HTTPException(status_code=400, detail="余额不足")
+    if result.get("error") == "author_not_found":
+        raise HTTPException(status_code=404, detail="作者账户不存在")
     
-    # 扣款
-    tipper["balance"] = tipper.get("balance", 0) - amount
-    
-    # 给作者加钱
-    author = users_db.get(target_post.get("author"))
-    if author:
-        author["balance"] = author.get("balance", 0) + amount
-    
-    # 更新打赏榜单
-    tip_board = target_post.get("tip_board", [])
-    existing = next((t for t in tip_board if t["account"] == current_user), None)
-    if existing:
-        existing["amount"] += amount
-    else:
-        tip_board.append({
-            "account": current_user,
-            "amount": amount,
-            "is_anon": is_anon
-        })
-    
-    # 按金额排序
-    tip_board.sort(key=lambda x: x["amount"], reverse=True)
-    target_post["tip_board"] = tip_board
-    
-    db.save_data("posts.json", posts_db)
-    db.save_data("users.json", users_db)
-    
-    return {"status": "success", "message": f"成功打赏 {amount} 积分"}
+    return result
 
 # ==========================================
 # 💬 评论接口（复用通用评论系统）
@@ -356,6 +431,9 @@ async def add_post_comment(post_id: str, content: str, current_user: str = Depen
     comments_db[post_id] = post_comments
     db.save_data("comments.json", comments_db)
     
+    # 🗂️ 清除排序缓存（评论数变化可能影响排序）
+    sort_cache.invalidate("posts:")
+    
     # 更新帖子评论数
     for post in posts_db:
         if post["id"] == post_id:
@@ -364,3 +442,17 @@ async def add_post_comment(post_id: str, content: str, current_user: str = Depen
     db.save_data("posts.json", posts_db)
     
     return {"status": "success", "data": new_comment}
+
+
+@router.post("/api/posts/{post_id}/view")
+async def record_post_view(post_id: str, current_user: str = Depends(require_auth)):
+    """
+    记录帖子访问量
+    👁️ 需要用户认证，每个用户只计算一次总访问量，日访问量每次调用都增加
+    """
+    result = record_view("posts.json", post_id, current_user)
+    
+    if result is None:
+        raise HTTPException(status_code=404, detail="帖子不存在")
+    
+    return {"status": "success", "views": result["views"], "daily_views": result["daily_views"]}

router_tasks.py

@@ -19,6 +19,7 @@ from 安全认证 import require_auth
 from notifications import add_notification
 from database_sql import get_db
 from models_sql import Wallet, Transaction
+from db_utils import record_view, sort_cache
 import time
 import uuid
 import hashlib
@@ -235,13 +236,26 @@ async def get_tasks(
         # 默认不显示已取消和过期的任务
         filtered = [t for t in filtered if t.get("status") not in ["cancelled", "expired"]]
     
-    # 排序
-    if sort == "price":
-        filtered = sorted(filtered, key=lambda x: x.get("total_price", 0), reverse=True)
-    elif sort == "deadline":
-        filtered = sorted(filtered, key=lambda x: x.get("deadline", "9999"))
-    else:  # latest
-        filtered = sorted(filtered, key=lambda x: x.get("created_at", 0), reverse=True)
+    # 🗂️ 使用排序缓存优化排序性能
+    cache_key = f"tasks:{status or 'all'}:{sort}"
+    
+    def sort_fn(data):
+        if sort == "price":
+            data.sort(key=lambda x: x.get("total_price", 0), reverse=True)
+        elif sort == "deadline":
+            data.sort(key=lambda x: x.get("deadline", "9999"))
+        elif sort == "views":  # 👁️ 按总访问量排序
+            data.sort(key=lambda x: x.get("views", 0), reverse=True)
+        elif sort == "daily_views":  # 👁️ 按日访问量排序
+            data.sort(key=lambda x: x.get("daily_views", 0), reverse=True)
+        elif sort == "likes":  # ❤️ 按点赞数排序
+            data.sort(key=lambda x: x.get("likes", 0), reverse=True)
+        elif sort == "favorites":  # ❤️ 按收藏数排序
+            data.sort(key=lambda x: x.get("favorites", 0), reverse=True)
+        else:  # latest
+            data.sort(key=lambda x: x.get("created_at", 0), reverse=True)
+    
+    filtered = sort_cache.get_sorted(cache_key, filtered, sort_fn)
     
     # 分页
     start = (page - 1) * limit
@@ -252,8 +266,10 @@ async def get_tasks(
     result = []
     for task in paged:
         publisher_info = user_map.get(task.get("publisher"), {})
+        # 👁️ 过滤敏感字段（列表接口过滤 liked_by, favorited_by, viewed_by）
+        task_data = {k: v for k, v in task.items() if k not in ["viewed_by", "liked_by", "favorited_by"]}
         result.append({
-            **task,
+            **task_data,
             "publisher_name": publisher_info.get("name", task.get("publisher")),
             "publisher_avatar": publisher_info.get("avatarDataUrl", ""),
             "status_text": TASK_STATUS.get(task.get("status"), "未知")
@@ -293,10 +309,13 @@ async def get_task_detail(task_id: str, current_user: str = None):
                     "avatar": app_user.get("avatarDataUrl", "")
                 })
             
+            # 👁️ 过滤敏感字段（详情接口保留 liked_by 和 favorited_by，过滤 viewed_by）
+            task_data = {k: v for k, v in task.items() if k != "viewed_by"}
+            
             return {
                 "status": "success",
                 "data": {
-                    **task,
+                    **task_data,
                     "publisher_name": publisher_info.get("name", task.get("publisher")),
                     "publisher_avatar": publisher_info.get("avatarDataUrl", ""),
                     "assignee_name": assignee_info.get("name") if assignee_info else None,
@@ -370,11 +389,20 @@ async def create_task(task: TaskCreate, current_user: str = Depends(require_auth
         # 申诉相关
         "dispute_id": None,         # 关联的申诉ID
         # 💳 支付状态
-        "frozen_amount": task.totalPrice  # 已冻结金额
+        "frozen_amount": task.totalPrice,  # 已冻结金额
+        # 互动数据
+        "likes": 0,
+        "favorites": 0,
+        "comments": 0,
+        "liked_by": [],
+        "favorited_by": [],
+        "tip_board": []  # 打赏榜单
     }
     
     tasks_db.insert(0, new_task)
     db.save_data("tasks.json", tasks_db)
+    # 🗂️ 清除排序缓存
+    sort_cache.invalidate("tasks:")
     
     # 💳 记录冻结交易
     create_task_transaction(
@@ -439,6 +467,8 @@ async def update_task(task_id: str, update_data: TaskUpdate, current_user: str =
                     changes.append("截止日期")
             
             db.save_data("tasks.json", tasks_db)
+            # 🗂️ 清除排序缓存
+            sort_cache.invalidate("tasks:")
             
             # 📢 如果有接单人，发送通知
             if task.get("assignee") and changes:
@@ -503,7 +533,9 @@ async def cancel_task(task_id: str, current_user: str = Depends(require_auth), d
                 task["refunded"] = frozen_amount > 0
                 task["refund_amount"] = frozen_amount
                 db.save_data("tasks.json", tasks_db)
-                
+                # 🗂️ 清除排序缓存
+                sort_cache.invalidate("tasks:")
+                            
                 return {"status": "success", "refunded_amount": frozen_amount}
     
     raise HTTPException(status_code=404, detail="任务不存在")
@@ -541,6 +573,8 @@ async def apply_task(task_id: str, message: str = None, current_user: str = Depe
             task["applicants"] = applicants
             
             db.save_data("tasks.json", tasks_db)
+            # 🗂️ 清除排序缓存
+            sort_cache.invalidate("tasks:")
             
             # 🔔 通知发布者：有人申请接单
             add_notification(task.get("publisher"), {
@@ -575,6 +609,8 @@ async def cancel_apply(task_id: str, current_user: str = Depends(require_auth)):
             
             task["applicants"] = new_applicants
             db.save_data("tasks.json", tasks_db)
+            # 🗂️ 清除排序缓存
+            sort_cache.invalidate("tasks:")
             return {"status": "success"}
     
     raise HTTPException(status_code=404, detail="任务不存在")
@@ -628,6 +664,8 @@ async def assign_task(task_id: str, assignee: str, current_user: str = Depends(r
             
             db.save_data("tasks.json", tasks_db)
             db_session.commit()
+            # 🗂️ 清除排序缓存
+            sort_cache.invalidate("tasks:")
             
             # 🔔 通知接单者：被指派接单
             add_notification(assignee, {
@@ -672,6 +710,8 @@ async def submit_task(task_id: str, deliverables: list, note: str = None, curren
             task["status"] = "submitted"
             
             db.save_data("tasks.json", tasks_db)
+            # 🗂️ 清除排序缓存
+            sort_cache.invalidate("tasks:")
             
             # 🔔 通知发布者：接单者已提交成果
             add_notification(task.get("publisher"), {
@@ -760,6 +800,8 @@ async def accept_task(task_id: str, is_accepted: bool, feedback: str = None, cur
                         logger.warning(f"TASK_COMPLETE_JSON_SAVE_FAILED | 资金已结算但任务状态未更新，需手动修复: {str(e)}")
                     
                     logger.info(f"TASK_COMPLETE | publisher={current_user} | assignee={assignee_account} | task={task_id} | total={total_price}")
+                    # 🗂️ 清除排序缓存（任务状态变化）
+                    sort_cache.invalidate("tasks:")
                     message = f"验收通过，已支付 {total_price} 积分给接单者"
                     
                     # 🔔 支付通知：接单者收到款项
@@ -785,6 +827,8 @@ async def accept_task(task_id: str, is_accepted: bool, feedback: str = None, cur
                 message = "验收不通过，接单者可以修改后重新提交"
                 
                 db.save_data("tasks.json", tasks_db)
+                # 🗂️ 清除排序缓存（任务状态变化）
+                sort_cache.invalidate("tasks:")
                 
                 # 🔔 通知接单者：验收未通过
                 add_notification(assignee_account, {
@@ -863,6 +907,8 @@ async def create_dispute(task_id: str, reason: str, evidence: list = None, curre
             
             db.save_data("tasks.json", tasks_db)
             db.save_data("disputes.json", disputes_db)
+            # 🗂️ 清除排序缓存（任务状态变为争议中）
+            sort_cache.invalidate("tasks:")
             
             # 🔔 通知对方：已发起申诉
             other_party = task.get("assignee") if is_publisher else task.get("publisher")
@@ -932,6 +978,8 @@ async def respond_dispute(dispute_id: str, response: str, evidence: list = None,
             dispute["status"] = "responded"
             
             db.save_data("disputes.json", disputes_db)
+            # 🗂️ 清除排序缓存（争议状态变化可能影响排序）
+            sort_cache.invalidate("tasks:")
             
             # 🔔 通知申诉方：对方已回应
             add_notification(dispute.get("initiator"), {
@@ -1102,6 +1150,8 @@ async def resolve_dispute(dispute_id: str, resolution: str, ratio: int = None, n
             db.save_data("disputes.json", disputes_db)
             db.save_data("tasks.json", tasks_db)
             db.save_data("users.json", users_db)
+            # 🗂️ 清除排序缓存（任务状态变为已完成）
+            sort_cache.invalidate("tasks:")
             
             # 🔔 通知双方：仲裁结果
             resolution_text = {
@@ -1154,4 +1204,247 @@ async def get_my_tasks(role: str = "publisher", current_user: str = Depends(requ
     # 按创建时间倒序
     my_tasks = sorted(my_tasks, key=lambda x: x.get("created_at", 0), reverse=True)
     
-    return {"status": "success", "data": my_tasks}
+    # 过滤敏感字段（列表接口过滤 viewed_by、liked_by、favorited_by）
+    result = []
+    for task in my_tasks:
+        task_data = {k: v for k, v in task.items() if k not in ["viewed_by", "liked_by", "favorited_by"]}
+        result.append(task_data)
+    
+    return {"status": "success", "data": result}
+
+
+@router.post("/api/tasks/{task_id}/view")
+async def record_task_view(task_id: str, current_user: str = Depends(require_auth)):
+    """
+    记录任务访问量
+    👁️ 需要用户认证，每个用户只计算一次总访问量，日访问量每次调用都增加
+    """
+    result = record_view("tasks.json", task_id, current_user)
+    
+    if result is None:
+        raise HTTPException(status_code=404, detail="任务不存在")
+    
+    return {"status": "success", "views": result["views"], "daily_views": result["daily_views"]}
+
+# ==========================================
+# ❤️ 互动接口（点赞/收藏）
+# ==========================================
+
+@router.post("/api/tasks/{task_id}/like")
+async def toggle_like(task_id: str, current_user: str = Depends(require_auth)):
+    """
+    点赞/取消点赞（原子操作，并发安全）
+    """
+    result_container = [None]
+    
+    def updater(data):
+        for task in data:
+            if task["id"] == task_id:
+                liked_by = task.get("liked_by", [])
+                if current_user in liked_by:
+                    liked_by.remove(current_user)
+                    task["likes"] = max(0, task.get("likes", 0) - 1)
+                    action = "unliked"
+                else:
+                    liked_by.append(current_user)
+                    task["likes"] = task.get("likes", 0) + 1
+                    action = "liked"
+                task["liked_by"] = liked_by
+                result_container[0] = {"status": "success", "action": action, "likes": task["likes"]}
+                return
+        result_container[0] = None  # 未找到任务
+    
+    db.atomic_update("tasks.json", updater, default_data=[])
+    
+    if result_container[0] is None:
+        raise HTTPException(status_code=404, detail="任务不存在")
+    
+    # 🗂️ 清除排序缓存（点赞数变化可能影响排序）
+    sort_cache.invalidate("tasks:")
+    
+    return result_container[0]
+
+@router.post("/api/tasks/{task_id}/favorite")
+async def toggle_favorite(task_id: str, current_user: str = Depends(require_auth)):
+    """
+    收藏/取消收藏（原子操作，并发安全）
+    """
+    result_container = [None]
+    
+    def updater(data):
+        for task in data:
+            if task["id"] == task_id:
+                favorited_by = task.get("favorited_by", [])
+                if current_user in favorited_by:
+                    favorited_by.remove(current_user)
+                    task["favorites"] = max(0, task.get("favorites", 0) - 1)
+                    action = "unfavorited"
+                else:
+                    favorited_by.append(current_user)
+                    task["favorites"] = task.get("favorites", 0) + 1
+                    action = "favorited"
+                task["favorited_by"] = favorited_by
+                result_container[0] = {"status": "success", "action": action, "favorites": task["favorites"]}
+                return
+        result_container[0] = None  # 未找到任务
+    
+    db.atomic_update("tasks.json", updater, default_data=[])
+    
+    if result_container[0] is None:
+        raise HTTPException(status_code=404, detail="任务不存在")
+    
+    # 🗂️ 清除排序缓存（收藏数变化可能影响排序）
+    sort_cache.invalidate("tasks:")
+    
+    return result_container[0]
+
+# ==========================================
+# 🎁 打赏接口
+# ==========================================
+
+@router.post("/api/tasks/{task_id}/tip")
+async def tip_task(task_id: str, amount: int, is_anon: bool = False, current_user: str = Depends(require_auth)):
+    """
+    打赏任务（原子操作，并发安全）
+    """
+    if amount <= 0:
+        raise HTTPException(status_code=400, detail="打赏金额必须大于0")
+    
+    result_container = [None]
+    
+    def updater(data):
+        # 在锁内查找任务
+        target_task = None
+        for task in data:
+            if task["id"] == task_id:
+                target_task = task
+                break
+        
+        if not target_task:
+            result_container[0] = {"error": "not_found"}
+            return
+        
+        # 不能打赏自己
+        if target_task.get("publisher") == current_user:
+            result_container[0] = {"error": "self_tip"}
+            return
+        
+        # 在锁内操作用户余额
+        users_db = db.load_data("users.json", default_data={})
+        tipper = users_db.get(current_user)
+        if not tipper or tipper.get("balance", 0) < amount:
+            result_container[0] = {"error": "insufficient_balance"}
+            return
+        
+        publisher = target_task.get("publisher")
+        author = users_db.get(publisher)
+        if not author:
+            result_container[0] = {"error": "author_not_found"}
+            return
+        
+        # 扣款加款
+        tipper["balance"] -= amount
+        author["balance"] += amount
+        
+        # 更新打赏榜单
+        tip_board = target_task.get("tip_board", [])
+        existing = next((t for t in tip_board if t["account"] == current_user), None)
+        if existing:
+            existing["amount"] += amount
+        else:
+            tip_board.append({"account": current_user, "amount": amount, "is_anon": is_anon})
+        tip_board.sort(key=lambda x: x["amount"], reverse=True)
+        target_task["tip_board"] = tip_board
+        
+        # 保存用户数据
+        db.save_data("users.json", users_db)
+        
+        result_container[0] = {"status": "success", "message": f"成功打赏 {amount} 积分"}
+    
+    db.atomic_update("tasks.json", updater, default_data=[])
+    
+    # 🗂️ 清除排序缓存（打赏可能影响排序）
+    sort_cache.invalidate("tasks:")
+    
+    result = result_container[0]
+    if result is None or result.get("error") == "not_found":
+        raise HTTPException(status_code=404, detail="任务不存在")
+    if result.get("error") == "self_tip":
+        raise HTTPException(status_code=400, detail="不能打赏自己的任务")
+    if result.get("error") == "insufficient_balance":
+        raise HTTPException(status_code=400, detail="余额不足")
+    if result.get("error") == "author_not_found":
+        raise HTTPException(status_code=404, detail="作者账户不存在")
+    
+    return result
+
+# ==========================================
+# 💬 评论接口（复用通用评论系统）
+# ==========================================
+
+@router.get("/api/tasks/{task_id}/comments")
+async def get_task_comments(task_id: str):
+    """
+    获取任务评论
+    """
+    comments_db = db.load_data("comments.json", default_data={})
+    users_db = db.load_data("users.json", default_data={})
+    
+    # users_db 已经是 {account: user_info} 格式，直接使用
+    user_map = users_db
+    
+    # comments_db 是 {item_id: [comments]} 格式
+    task_comments = comments_db.get(task_id, [])
+    
+    # 附加用户信息
+    result = []
+    for c in task_comments:
+        author_info = user_map.get(c.get("author"), {})
+        result.append({
+            **c,
+            "author_name": author_info.get("name", c.get("author")),
+            "author_avatar": author_info.get("avatarDataUrl", "")
+        })
+    
+    return {"status": "success", "data": result}
+
+@router.post("/api/tasks/{task_id}/comments")
+async def add_task_comment(task_id: str, content: str, current_user: str = Depends(require_auth)):
+    """
+    添加任务评论
+    """
+    if not content or not content.strip():
+        raise HTTPException(status_code=400, detail="评论内容不能为空")
+    
+    tasks_db = db.load_data("tasks.json", default_data=[])
+    comments_db = db.load_data("comments.json", default_data={})
+    
+    # 检查任务是否存在
+    task_exists = any(t["id"] == task_id for t in tasks_db)
+    if not task_exists:
+        raise HTTPException(status_code=404, detail="任务不存在")
+    
+    new_comment = {
+        "id": f"comment_{int(time.time())}_{uuid.uuid4().hex[:6]}",
+        "author": current_user,
+        "content": content.strip(),
+        "created_at": int(time.time())
+    }
+    
+    # comments_db 是 {item_id: [comments]} 格式
+    task_comments = comments_db.get(task_id, [])
+    task_comments.insert(0, new_comment)
+    comments_db[task_id] = task_comments
+    db.save_data("comments.json", comments_db)
+    
+    # 🗂️ 清除排序缓存（评论数变化可能影响排序）
+    sort_cache.invalidate("tasks:")
+    
+    # 更新任务评论数
+    for task in tasks_db:
+        if task["id"] == task_id:
+            task["comments"] = task.get("comments", 0) + 1
+            break
+    db.save_data("tasks.json", tasks_db)
+    
+    return {"status": "success", "data": new_comment}

数据库连接.py

@@ -533,3 +533,136 @@ def get_backup_files() -> list:
     if not os.path.exists(BACKUP_DIR):
         return []
     return [f for f in os.listdir(BACKUP_DIR) if f.endswith(".bak")]
+
+
+# ==========================================
+# 🔒 原子更新函数（解决并发安全问题）
+# ==========================================
+
+def atomic_update(file_name: str, updater, default_data=None):
+    """
+    原子性地读取、修改、保存 JSON 数据文件。
+    
+    整个过程在同一把文件锁内完成，避免并发覆盖问题。
+    这是解决 read-modify-write 并发安全问题的专用方法。
+    
+    参数：
+        file_name: 文件名（如 items.json）
+        updater: 回调函数，接收数据并原地修改，返回任意结果
+        default_data: 数据不存在时的默认值
+    
+    返回：
+        updater 的返回值
+    
+    示例：
+        def increment_views(data):
+            for item in data:
+                if item["id"] == target_id:
+                    item["views"] = item.get("views", 0) + 1
+                    return item["views"]
+            return None
+        
+        result = atomic_update("items.json", increment_views, default_data=[])
+    """
+    # 默认值处理
+    if default_data is None:
+        default_data = {} if file_name == "users.json" else []
+    
+    local_path = os.path.join(LOCAL_DB_DIR, file_name)
+    file_lock = _get_file_lock(file_name)
+    
+    with file_lock:
+        # ========== 第一步：从文件读取数据（跳过缓存） ==========
+        # 在锁内直接读取文件，确保读到最新数据
+        if not os.path.exists(local_path):
+            # 文件不存在，尝试从 HF 下载
+            if HF_TOKEN:
+                try:
+                    downloaded_path = hf_hub_download(
+                        repo_id=DATASET_REPO_ID,
+                        repo_type="dataset",
+                        filename=file_name,
+                        token=HF_TOKEN
+                    )
+                    with open(downloaded_path, "r", encoding="utf-8") as f:
+                        data = json.load(f)
+                    # 保存到本地
+                    with open(local_path, "w", encoding="utf-8") as f:
+                        json.dump(data, f, ensure_ascii=False, indent=2)
+                except Exception as e:
+                    logger.warning(f"从 HF 下载 {file_name} 失败: {e}")
+                    data = default_data
+            else:
+                data = default_data
+        else:
+            try:
+                with open(local_path, "r", encoding="utf-8") as f:
+                    # 获取共享锁（读锁）
+                    _lock_file(f, exclusive=False)
+                    try:
+                        data = json.load(f)
+                    finally:
+                        _unlock_file(f)
+            except json.JSONDecodeError as e:
+                logger.error(f"JSON 解析错误 {file_name}: {e}")
+                # 尝试从备份恢复
+                data = _recover_from_backup(file_name, default_data)
+            except Exception as e:
+                logger.warning(f"读取 {file_name} 失败: {e}")
+                data = default_data
+        
+        # ========== 第二步：在锁内执行更新操作 ==========
+        result = updater(data)
+        
+        # ========== 第三步：原子写入 ==========
+        backup_path = os.path.join(BACKUP_DIR, f"{file_name}.bak")
+        
+        # 备份现有文件
+        if os.path.exists(local_path):
+            try:
+                shutil.copy2(local_path, backup_path)
+            except Exception as e:
+                logger.warning(f"备份 {file_name} 失败: {e}")
+        
+        # 原子写入：临时文件 + 重命名
+        temp_fd, temp_path = tempfile.mkstemp(
+            suffix=".tmp",
+            prefix=f"{file_name}_",
+            dir=LOCAL_DB_DIR
+        )
+        
+        try:
+            with os.fdopen(temp_fd, "w", encoding="utf-8") as f:
+                json.dump(data, f, ensure_ascii=False, indent=2)
+            
+            # 验证写入成功
+            with open(temp_path, "r", encoding="utf-8") as f:
+                verified_data = json.load(f)
+            
+            if type(verified_data) != type(data):
+                raise ValueError("数据类型验证失败")
+            if hasattr(data, "__len__") and len(verified_data) != len(data):
+                raise ValueError(f"数据长度不一致: {len(verified_data)} vs {len(data)}")
+            
+            # 原子重命名
+            if sys.platform == "win32" and os.path.exists(local_path):
+                os.remove(local_path)
+            os.rename(temp_path, local_path)
+            
+        except Exception as e:
+            if os.path.exists(temp_path):
+                os.remove(temp_path)
+            logger.error(f"保存 {file_name} 失败: {e}")
+            raise
+    
+    # ========== 第四步：更新内存缓存 ==========
+    _set_to_cache(file_name, data, local_path)
+    
+    # ========== 第五步：异步同步到云端 ==========
+    if HF_TOKEN:
+        try:
+            _upload_executor.submit(_background_upload_to_hf, local_path, file_name)
+        except Exception as e:
+            logger.warning(f"提交上传任务失败: {e}")
+    
+    return result