fix(desktop): scope account access to owning client and extend identity verification
Backend CI / Backend (push) Successful in 14m18s
Backend CI / Backend (push) Successful in 14m18s
Restrict account tracking, probing, and health reporting to accounts owned by the current client (client_id match). Extend identity-match verification to bilibili, juejin, and smzdm so session validity is confirmed locally rather than deferred to remote health state. Server-side account view now uses stored client_id as authoritative owner instead of presence data. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -57,6 +57,9 @@ function createRuntimeAccountView(
|
||||
health: account.health,
|
||||
verifiedAt: account.verified_at,
|
||||
})
|
||||
const belongsToCurrentClient = Boolean(
|
||||
account.client_id && account.client_id === context.primaryClientId,
|
||||
)
|
||||
|
||||
return {
|
||||
id: account.id,
|
||||
@@ -70,7 +73,7 @@ function createRuntimeAccountView(
|
||||
authReason: projected.authReason,
|
||||
tags: account.tags,
|
||||
syncVersion: account.sync_version,
|
||||
clientId: account.client_id ?? context.primaryClientId,
|
||||
clientId: account.client_id ?? '',
|
||||
partition: projected.partition || sessionHandle?.partition || `persist:acc-${account.id}`,
|
||||
sessionState: isHot ? 'hot' : sessionHandle ? 'warm' : 'cold',
|
||||
lastSyncAt: context.lastAccountsSyncAt || parseTimestamp(account.verified_at) || context.now,
|
||||
@@ -78,7 +81,7 @@ function createRuntimeAccountView(
|
||||
lastProbeAt: projected.lastProbeAt,
|
||||
nextProbeAt: projected.nextProbeAt,
|
||||
queueDepth: accountQueueDepth,
|
||||
online: context.clientOnline,
|
||||
online: context.clientOnline && belongsToCurrentClient,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user