fix(desktop): scope account access to owning client and extend identity verification
Backend CI / Backend (push) Successful in 14m18s
Backend CI / Backend (push) Successful in 14m18s
Restrict account tracking, probing, and health reporting to accounts owned by the current client (client_id match). Extend identity-match verification to bilibili, juejin, and smzdm so session validity is confirmed locally rather than deferred to remote health state. Server-side account view now uses stored client_id as authoritative owner instead of presence data. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -222,6 +222,8 @@ type BilibiliSpaceInfoResponse = {
|
||||
}
|
||||
|
||||
type JuejinProfileResponse = {
|
||||
err_no?: number
|
||||
err_msg?: string
|
||||
data?: {
|
||||
bui_user?: {
|
||||
user_id?: string
|
||||
@@ -2540,6 +2542,16 @@ export async function silentRefreshPublishAccountSession(
|
||||
return await verifyZolConsoleAccess(window, handle.session, account)
|
||||
}
|
||||
|
||||
if (platformRequiresDetectedAccountIdentityMatch(account.platform)) {
|
||||
const detected = await definition
|
||||
.detect({
|
||||
session: handle.session,
|
||||
webContents: window.webContents,
|
||||
})
|
||||
.catch(() => null)
|
||||
return detected ? detectedAccountMatchesIdentity(detected, account) : false
|
||||
}
|
||||
|
||||
if (platformRequiresDetectedAccountForConsoleAccess(account.platform)) {
|
||||
const detected = await definition
|
||||
.detect({
|
||||
@@ -2860,7 +2872,14 @@ function platformRequiresDetectedAccountForConsoleAccess(platformId: string): bo
|
||||
}
|
||||
|
||||
function platformRequiresDetectedAccountIdentityMatch(platformId: string): boolean {
|
||||
return platformId === 'qiehao' || platformId === 'wangyihao' || platformId === 'zol'
|
||||
return (
|
||||
platformId === 'qiehao' ||
|
||||
platformId === 'wangyihao' ||
|
||||
platformId === 'zol' ||
|
||||
platformId === 'bilibili' ||
|
||||
platformId === 'juejin' ||
|
||||
platformId === 'smzdm'
|
||||
)
|
||||
}
|
||||
|
||||
async function verifyZolConsoleAccess(
|
||||
@@ -2980,6 +2999,16 @@ async function verifyPublishAccountConsoleAccess(
|
||||
return await verifyZolConsoleAccess(window, handle.session, account)
|
||||
}
|
||||
|
||||
if (platformRequiresDetectedAccountIdentityMatch(account.platform)) {
|
||||
const detected = await definition
|
||||
.detect({
|
||||
session: handle.session,
|
||||
webContents: window.webContents,
|
||||
})
|
||||
.catch(() => null)
|
||||
return detected ? detectedAccountMatchesIdentity(detected, account) : false
|
||||
}
|
||||
|
||||
if (platformRequiresDetectedAccountForConsoleAccess(account.platform)) {
|
||||
const detected = await definition
|
||||
.detect({
|
||||
@@ -3207,6 +3236,10 @@ async function detectJuejin({ session }: DetectContext): Promise<DetectedAccount
|
||||
},
|
||||
).catch(() => null)
|
||||
|
||||
if (!response || (typeof response.err_no === 'number' && response.err_no !== 0)) {
|
||||
return null
|
||||
}
|
||||
|
||||
const user = response?.data?.bui_user
|
||||
if (!user?.user_id || !user.screen_name) {
|
||||
return null
|
||||
@@ -3467,7 +3500,7 @@ async function detectSmzdm({
|
||||
return fromCookieRequest
|
||||
}
|
||||
|
||||
return await deriveSmzdmCookieAccount(session, pageState)
|
||||
return null
|
||||
}
|
||||
|
||||
async function detectWeixinGzh({ session }: DetectContext): Promise<DetectedAccount | null> {
|
||||
@@ -4012,7 +4045,10 @@ export async function openPublishAccountConsole(account: PublishAccountIdentity)
|
||||
throw new Error(`desktop_platform_not_supported:${account.platform}`)
|
||||
}
|
||||
|
||||
const handle = await ensurePublishAccountSessionHandle(account)
|
||||
const handle = await findLocalPublishAccountSessionHandle(account)
|
||||
if (!handle) {
|
||||
throw new Error(`desktop_account_session_expired:${account.platform}`)
|
||||
}
|
||||
const consoleURL = await resolvePublishAccountConsoleURL(definition, handle.session)
|
||||
if (platformRequiresDetectedAccountForConsoleAccess(account.platform)) {
|
||||
const detected = await definition
|
||||
|
||||
Reference in New Issue
Block a user