fix(desktop): scope account access to owning client and extend identity verification
Backend CI / Backend (push) Successful in 14m18s

Restrict account tracking, probing, and health reporting to accounts owned
by the current client (client_id match). Extend identity-match verification
to bilibili, juejin, and smzdm so session validity is confirmed locally
rather than deferred to remote health state. Server-side account view now
uses stored client_id as authoritative owner instead of presence data.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Xu Liang
2026-05-05 22:09:10 +08:00
parent 337bb6f9ac
commit 680adf7b93
7 changed files with 151 additions and 34 deletions
@@ -57,6 +57,9 @@ function createRuntimeAccountView(
health: account.health,
verifiedAt: account.verified_at,
})
const belongsToCurrentClient = Boolean(
account.client_id && account.client_id === context.primaryClientId,
)
return {
id: account.id,
@@ -70,7 +73,7 @@ function createRuntimeAccountView(
authReason: projected.authReason,
tags: account.tags,
syncVersion: account.sync_version,
clientId: account.client_id ?? context.primaryClientId,
clientId: account.client_id ?? '',
partition: projected.partition || sessionHandle?.partition || `persist:acc-${account.id}`,
sessionState: isHot ? 'hot' : sessionHandle ? 'warm' : 'cold',
lastSyncAt: context.lastAccountsSyncAt || parseTimestamp(account.verified_at) || context.now,
@@ -78,7 +81,7 @@ function createRuntimeAccountView(
lastProbeAt: projected.lastProbeAt,
nextProbeAt: projected.nextProbeAt,
queueDepth: accountQueueDepth,
online: context.clientOnline,
online: context.clientOnline && belongsToCurrentClient,
}
}