fix(desktop): scope account access to owning client and extend identity verification
Backend CI / Backend (push) Successful in 14m18s
Backend CI / Backend (push) Successful in 14m18s
Restrict account tracking, probing, and health reporting to accounts owned by the current client (client_id match). Extend identity-match verification to bilibili, juejin, and smzdm so session validity is confirmed locally rather than deferred to remote health state. Server-side account view now uses stored client_id as authoritative owner instead of presence data. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -98,6 +98,10 @@ function resolvePartition(accountId: string): string {
|
||||
)
|
||||
}
|
||||
|
||||
function resolveKnownPartition(accountId: string): string | null {
|
||||
return getSessionHandle(accountId)?.partition ?? getPersistedPartition(accountId) ?? null
|
||||
}
|
||||
|
||||
function nextInitialProbeAt(now = Date.now()): number {
|
||||
return now
|
||||
}
|
||||
@@ -375,7 +379,19 @@ async function performProbeLocked(
|
||||
record.probeState = 'probing'
|
||||
commitRecord(record, previousSignature)
|
||||
|
||||
const partition = resolvePartition(account.id)
|
||||
const partition = resolveKnownPartition(account.id)
|
||||
if (!partition) {
|
||||
return applyExpiredResult(
|
||||
record,
|
||||
{
|
||||
verdict: 'expired',
|
||||
reason: 'missing_partition',
|
||||
profile: null,
|
||||
sessionFingerprint: null,
|
||||
},
|
||||
Date.now(),
|
||||
)
|
||||
}
|
||||
|
||||
if (options.allowSilentRefresh) {
|
||||
const refreshed = await adapter.silentRefresh(account, partition).catch(() => false)
|
||||
@@ -748,6 +764,37 @@ export function markTrackedAccountBound(
|
||||
return snapshot
|
||||
}
|
||||
|
||||
export function markTrackedAccountMissingPartition(
|
||||
account: PublishAccountIdentity,
|
||||
): AccountHealthSnapshot {
|
||||
const record = ensureRecord(account)
|
||||
const previousSignature = snapshotSignature(record)
|
||||
const now = Date.now()
|
||||
|
||||
trackedAccounts.delete(account.id)
|
||||
record.authRevision += 1
|
||||
record.platform = account.platform
|
||||
record.authState = 'expired'
|
||||
record.probeState = 'idle'
|
||||
record.authReason = 'missing_partition'
|
||||
record.lastProbeAt = now
|
||||
record.nextProbeAt = null
|
||||
record.lastAuthFailureAt = now
|
||||
record.profile = null
|
||||
record.sessionFingerprint = null
|
||||
record.suspectedExpiredAt = null
|
||||
record.confirmFailureCount = 0
|
||||
|
||||
const snapshot = commitRecord(record, previousSignature)
|
||||
const queuedJob = probeJobs.get(account.id)
|
||||
if (queuedJob?.status === 'queued') {
|
||||
removeQueuedProbeJob(account.id)
|
||||
queuedJob.resolve(snapshot)
|
||||
}
|
||||
|
||||
return snapshot
|
||||
}
|
||||
|
||||
export function reconcileTrackedAccountRemoteState(
|
||||
account: PublishAccountIdentity,
|
||||
input: {
|
||||
|
||||
Reference in New Issue
Block a user