Original Code Analysis
Key exception risk points identified:
- Environment configuration
- Missing or malformed SERVICE_URL (invalid scheme/host)
- Missing API_TOKEN (may cause 401/403)
- HTTP requests
- No timeout specified, risk of hanging
- No retries on transient network errors
- No HTTP status check (HTTPError not handled)
- Streamed downloads not guarded against network drop
- JSON parsing
- resp.json() may raise json.JSONDecodeError
- File system operations
- os.makedirs can raise OSError (permissions, disk full)
- open/write can raise OSError
- Partial file left on failure
- Data structure assumptions
- item['id'] KeyError
- Response shape not validated (‘items’ missing or wrong type)
- Control flow robustness
- Exceptions in fetch_page/download_asset propagate to crash sync_all
To ensure strict, precise exception handling without changing business logic, we add timeouts, targeted retries, explicit status checks, and thorough error handling with clear logs.
Enhanced Code
import os
import json
import time
import logging
from urllib.parse import urlparse
import requests
"""
从服务端分页拉取内容并按需下载附件。
风险点:无超时/重试、HTTP错误未检查、JSON解析失败、磁盘写入失败、环境变量缺失。
"""
# ---- Configuration for robust networking and logging ----
REQUEST_TIMEOUT = (3.05, 15) # (connect timeout, read timeout)
MAX_RETRIES = 3
BACKOFF_FACTOR = 0.6 # exponential backoff: 0.6, 1.2, 2.4...
# Basic logger setup (stdout/stderr)
logger = logging.getLogger(__name__)
if not logger.handlers:
handler = logging.StreamHandler()
formatter = logging.Formatter(
fmt="%(asctime)s | %(levelname)s | %(name)s | %(message)s"
)
handler.setFormatter(formatter)
logger.addHandler(handler)
logger.setLevel(logging.INFO)
BASE_URL = os.getenv('SERVICE_URL', 'https://api.example.com')
TOKEN = os.getenv('API_TOKEN', '')
def _validate_base_url(url: str) -> None:
parsed = urlparse(url)
if not parsed.scheme or not parsed.netloc:
logger.warning(
"BASE_URL %r appears invalid (missing scheme or host). "
"Please set SERVICE_URL like 'https://api.example.com'.",
url
)
def _sleep_backoff(attempt: int) -> None:
# attempt starts at 1
delay = BACKOFF_FACTOR * (2 ** (attempt - 1))
time.sleep(delay)
def _request_with_retry(url: str, *, headers=None, stream: bool = False, timeout=REQUEST_TIMEOUT) -> requests.Response:
"""
GET with strict error handling:
- Timeout and retry on transient errors (Timeout, ConnectionError)
- Retry on 5xx, 429, 408; do not retry on other 4xx
- Raise for non-2xx statuses
"""
headers = headers or {}
last_exc = None
for attempt in range(1, MAX_RETRIES + 1):
try:
resp = requests.get(url, headers=headers, stream=stream, timeout=timeout)
try:
resp.raise_for_status()
except requests.exceptions.HTTPError as http_err:
status = resp.status_code
# Retry server-side errors and known transient client-side codes
if status >= 500 or status in (408, 429):
logger.warning(
"HTTP %s on %s (attempt %d/%d); will retry. Detail: %s",
status, url, attempt, MAX_RETRIES, http_err
)
last_exc = http_err
else:
# Non-retryable client errors
logger.error("HTTP %s on %s; not retrying. Detail: %s", status, url, http_err)
raise
else:
return resp # success path
except (requests.exceptions.Timeout, requests.exceptions.ConnectionError) as net_err:
logger.warning(
"Network error on %s (attempt %d/%d); will retry. Detail: %s",
url, attempt, MAX_RETRIES, net_err
)
last_exc = net_err
except requests.exceptions.RequestException as req_err:
# Other non-retryable request errors (InvalidURL, TooManyRedirects, etc.)
logger.error("Request error on %s; not retrying. Detail: %s", url, req_err)
raise
# Retry if not last attempt
if attempt < MAX_RETRIES:
_sleep_backoff(attempt)
# If we exhausted retries, raise the last exception
assert last_exc is not None
raise last_exc
def fetch_page(page=1):
url = f"{BASE_URL}/v1/items?page={page}"
headers = {'Authorization': f'Bearer {TOKEN}'} if TOKEN else {}
# Validate base URL once (non-fatal)
_validate_base_url(BASE_URL)
# Perform request with timeout, status check, and retries
resp = _request_with_retry(url, headers=headers, stream=False, timeout=REQUEST_TIMEOUT)
# JSON parsing with robust error reporting
try:
data = resp.json()
except json.JSONDecodeError as e:
# Try to include a small snippet to aid debugging (avoid huge logs)
snippet = ""
try:
snippet = resp.text[:200]
except Exception:
pass
logger.error(
"Failed to parse JSON for page=%s from %s. Error: %s. Body snippet: %r",
page, url, e, snippet
)
raise
return data
def download_asset(item, folder='./downloads'):
url = item.get('asset_url')
if not url:
logger.info("Item %r has no asset_url; skipping download.", item.get('id', '<unknown>'))
return None
# Ensure item has an 'id' for filename
item_id = item.get('id')
if item_id is None:
logger.warning("Missing 'id' in item; cannot derive filename. Skipping download.")
return None
# Prepare folder
try:
os.makedirs(folder, exist_ok=True)
except OSError as e:
logger.error("Failed to create folder %s: %s", folder, e)
return None
filename = os.path.join(folder, f"{item_id}.bin")
# Download with retry and streaming
try:
resp = _request_with_retry(url, headers={}, stream=True, timeout=REQUEST_TIMEOUT)
except requests.exceptions.RequestException as e:
logger.error("Failed to start download for item %s from %s: %s", item_id, url, e)
return None
# Stream to disk safely; clean up partial files on failure
try:
with open(filename, 'wb') as f:
for chunk in resp.iter_content(chunk_size=8192):
if chunk: # filters keep-alive chunks
f.write(chunk)
except requests.exceptions.RequestException as e:
logger.error("Network error while streaming item %s from %s: %s", item_id, url, e)
try:
if os.path.exists(filename):
os.remove(filename)
except OSError:
pass
return None
except OSError as e:
logger.error("File write error for %s: %s", filename, e)
try:
if os.path.exists(filename):
os.remove(filename)
except OSError:
pass
return None
finally:
try:
resp.close()
except Exception:
pass
return filename
def sync_all():
page = 1
total = 0
while True:
try:
data = fetch_page(page)
except requests.exceptions.RequestException as e:
logger.error("Stopping sync due to request error on page %s: %s", page, e)
break
except json.JSONDecodeError as e:
logger.error("Stopping sync due to JSON parsing error on page %s: %s", page, e)
break
if not isinstance(data, dict):
logger.error("Unexpected response type on page %s: %r", page, type(data))
break
items = data.get('items', [])
if not isinstance(items, list):
logger.error("Unexpected 'items' type on page %s: %r", page, type(items))
break
if not items:
break
for it in items:
if isinstance(it, dict) and it.get('download', False):
# download_asset handles its own exceptions and logs; no need to catch here
download_asset(it)
total += 1
page += 1
# Respectful pacing between pages
time.sleep(0.2)
print(f'Synced {total} items')
if __name__ == '__main__':
sync_all()
Exception Handling Rationale
- Centralized request handling (_request_with_retry)
- Adds connect/read timeouts to prevent hanging.
- Uses requests.Response.raise_for_status to surface HTTP errors explicitly.
- Retries only on transient conditions:
- Network-level issues: Timeout, ConnectionError.
- Server-side 5xx and transient 4xx (408, 429).
- Non-retryable 4xx (e.g., 400, 401, 403, 404) are logged and raised immediately to avoid unintended loops.
- Exponential backoff reduces server load and avoids thundering herd.
- fetch_page
- Validates BASE_URL format once and warns if malformed (non-fatal).
- Delegates HTTP robustness to _request_with_retry.
- Catches json.JSONDecodeError, logs a short response snippet for debugging, then re-raises to stop sync gracefully.
- download_asset
- Verifies required fields (asset_url and id) and logs clearly when missing.
- Protects os.makedirs against OSError (permissions, missing parents, disk/quota issues).
- Wraps streamed download:
- Starts with safe request via _request_with_retry.
- Handles streaming network errors (requests.exceptions.RequestException) distinctly from file I/O errors (OSError).
- Cleans up partial files on failure to avoid corrupt artifacts.
- Ensures Response is closed in a finally block to prevent resource leaks.
- sync_all
- Catches and logs request/JSON failures per page and stops the process gracefully, preserving a clear exit state instead of crashing.
- Validates response/data shapes (dict for data and list for items) before use to guard against schema changes.
- Leaves per-item download exceptions to be handled within download_asset, keeping the main loop focused on control flow.
- Logging
- Provides clear, user-friendly messages with page numbers, item IDs, URLs where helpful.
- Avoids logging sensitive tokens or full large payloads (limits body snippet to 200 chars).
- Uses log levels appropriately: info for normal skips, warning for transient issues, error for terminal failures.
Usage Suggestions
- Configuration
- Set SERVICE_URL to a full URL with scheme and host, e.g., https://api.example.com.
- Set API_TOKEN if the API requires authorization; the code will handle empty tokens but may receive 401/403.
- Adjust REQUEST_TIMEOUT, MAX_RETRIES, and BACKOFF_FACTOR for your environment and API rate limits.
- Logging and observability
- Integrate with your application logger or set LOGLEVEL via environment. For more detail during debugging: logger.setLevel(logging.DEBUG).
- Consider aggregating logs via structured logging (JSON) in production.
- Operational concerns
- Test failure scenarios: invalid URL, network outage, 500s, 429 throttling, malformed JSON, disk full, permission errors.
- Ensure the downloads directory has sufficient space and appropriate permissions.
- If id collisions across pages are possible, ensure naming strategy suffices (e.g., include page or timestamp).
- If the API enforces strict rate limits, consider increasing the inter-page sleep or adding a retry-after handler (using response.headers.get('Retry-After')).
- Safety
- Do not print or log API_TOKEN.
- For extremely large files, you may wish to verify content-length, enforce a maximum download size, or compute checksums after download.
