fix: prevent silent config fallback and data loss on startup

This commit introduces fail-fast error handling for config loading failures, replacing the previous silent fallback to default config which could cause data loss (e.g., all user providers disappearing). Key changes: Backend (Rust): - Replace AppState::new() with AppState::try_new() to explicitly propagate errors - Remove Default trait to prevent accidental empty state creation - Add init_status module as global error cache (OnceLock + RwLock) - Implement dual-channel error notification: 1. Event emission (low-latency, may race with frontend subscription) 2. Command-based polling (reliable, guaranteed delivery) - Remove unconditional save on startup to prevent overwriting corrupted config Frontend (TypeScript): - Add event listener for "configLoadError" (fast path) - Add bootstrap-time polling via get_init_error command (reliable path) - Display detailed error dialog with recovery instructions - Prompt user to exit for manual repair Impact: - First-time users: No change (load() returns Ok(default) when file missing) - Corrupted config: Application shows error and exits gracefully - Prevents accidental config overwrite during initialization Fixes the only critical issue identified in previous code review (silent fallback causing data loss).
2025-11-03 22:33:10 +08:00
parent 36fd61b2a2
commit 4afa68eac6
5 changed files with 154 additions and 29 deletions
--- a/src-tauri/src/commands/misc.rs
+++ b/src-tauri/src/commands/misc.rs
@@ -2,6 +2,7 @@

 use tauri::AppHandle;
 use tauri_plugin_opener::OpenerExt;
+use crate::init_status::{get_init_error, InitErrorPayload};

 /// 打开外部链接
 #[tauri::command]
@@ -43,3 +44,10 @@ pub async fn is_portable_mode() -> Result<bool, String> {
        Ok(false)
    }
 }
+
+/// 获取应用启动阶段的初始化错误（若有）。
+/// 用于前端在早期主动拉取，避免事件订阅竞态导致的提示缺失。
+#[tauri::command]
+pub async fn get_init_error() -> Result<Option<InitErrorPayload>, String> {
+    Ok(get_init_error())
+}
--- a/src-tauri/src/init_status.rs
+++ b/src-tauri/src/init_status.rs
@@ -0,0 +1,42 @@
+use serde::Serialize;
+use std::sync::{OnceLock, RwLock};
+
+#[derive(Debug, Clone, Serialize)]
+pub struct InitErrorPayload {
+    pub path: String,
+    pub error: String,
+}
+
+static INIT_ERROR: OnceLock<RwLock<Option<InitErrorPayload>>> = OnceLock::new();
+
+fn cell() -> &'static RwLock<Option<InitErrorPayload>> {
+    INIT_ERROR.get_or_init(|| RwLock::new(None))
+}
+
+pub fn set_init_error(payload: InitErrorPayload) {
+    if let Ok(mut guard) = cell().write() {
+        *guard = Some(payload);
+    }
+}
+
+pub fn get_init_error() -> Option<InitErrorPayload> {
+    cell().read().ok()?.clone()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn init_error_roundtrip() {
+        let payload = InitErrorPayload {
+            path: "/tmp/config.json".into(),
+            error: "broken json".into(),
+        };
+        set_init_error(payload.clone());
+        let got = get_init_error().expect("should get payload back");
+        assert_eq!(got.path, payload.path);
+        assert_eq!(got.error, payload.error);
+    }
+}
+
--- a/src-tauri/src/lib.rs
+++ b/src-tauri/src/lib.rs
@@ -6,6 +6,7 @@ mod codex_config;
 mod commands;
 mod config;
 mod error;
+mod init_status;
 mod mcp;
 mod migration;
 mod provider;
@@ -437,7 +438,28 @@ pub fn run() {
            app_store::refresh_app_config_dir_override(app.handle());

            // 初始化应用状态（仅创建一次，并在本函数末尾注入 manage）
-            let app_state = AppState::new();
+            // 如果配置解析失败，则向前端发送错误事件并提前结束 setup（不落盘、不覆盖配置）。
+            let app_state = match AppState::try_new() {
+                Ok(state) => state,
+                Err(err) => {
+                    let path = crate::config::get_app_config_path();
+                    let payload_json = serde_json::json!({
+                        "path": path.display().to_string(),
+                        "error": err.to_string(),
+                    });
+                    // 事件通知（可能早于前端订阅，不保证送达）
+                    if let Err(e) = app.emit("configLoadError", payload_json) {
+                        log::error!("发射配置加载错误事件失败: {}", e);
+                    }
+                    // 同时缓存错误，供前端启动阶段主动拉取
+                    crate::init_status::set_init_error(crate::init_status::InitErrorPayload {
+                        path: path.display().to_string(),
+                        error: err.to_string(),
+                    });
+                    // 不再继续构建托盘/命令依赖的状态，交由前端提示后退出。
+                    return Ok(());
+                }
+            };

            // 迁移旧的 app_config_dir 配置到 Store
            if let Err(e) = app_store::migrate_app_config_dir_from_settings(app.handle()) {
@@ -456,8 +478,7 @@ pub fn run() {
                config_guard.ensure_app(&app_config::AppType::Codex);
            }

-            // 保存配置
-            let _ = app_state.save();
+            // 启动阶段不再无条件保存，避免意外覆盖用户配置。

            // 创建动态托盘菜单
            let menu = create_tray_menu(app.handle(), &app_state)?;
@@ -498,6 +519,7 @@ pub fn run() {
            commands::open_config_folder,
            commands::pick_directory,
            commands::open_external,
+            commands::get_init_error,
            commands::get_app_config_path,
            commands::open_app_config_folder,
            commands::read_live_provider_settings,
--- a/src-tauri/src/store.rs
+++ b/src-tauri/src/store.rs
@@ -7,23 +7,14 @@ pub struct AppState {
    pub config: RwLock<MultiAppConfig>,
 }

-impl Default for AppState {
-    fn default() -> Self {
-        Self::new()
-    }
-}
-
 impl AppState {
    /// 创建新的应用状态
-    pub fn new() -> Self {
-        let config = MultiAppConfig::load().unwrap_or_else(|e| {
-            log::warn!("加载配置失败: {}, 使用默认配置", e);
-            MultiAppConfig::default()
-        });
-
-        Self {
+    /// 注意：仅在配置成功加载时返回；不会在失败时回退默认值。
+    pub fn try_new() -> Result<Self, AppError> {
+        let config = MultiAppConfig::load()?;
+        Ok(Self {
            config: RwLock::new(config),
-        }
+        })
    }

    /// 保存配置到文件