fix(desktop): scope account access to owning client and extend identity verification
Backend CI / Backend (push) Successful in 14m18s

Restrict account tracking, probing, and health reporting to accounts owned
by the current client (client_id match). Extend identity-match verification
to bilibili, juejin, and smzdm so session validity is confirmed locally
rather than deferred to remote health state. Server-side account view now
uses stored client_id as authoritative owner instead of presence data.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Xu Liang
2026-05-05 22:09:10 +08:00
parent 337bb6f9ac
commit 680adf7b93
7 changed files with 151 additions and 34 deletions
@@ -557,26 +557,19 @@ func (s *DesktopAccountService) buildDesktopAccountView(
var clientLastSeenAt *time.Time
var clientDeviceName *string
resolvedClientID := account.ClientID
if presenceClientMap != nil {
if activeClientID, ok := presenceClientMap[account.DesktopID]; ok {
resolvedClientID = &activeClientID
}
}
if resolvedClientID != nil {
value := resolvedClientID.String()
if account.ClientID != nil {
value := account.ClientID.String()
clientID = &value
online := false
clientOnline = &online
if clientMap != nil {
if client, ok := clientMap[*resolvedClientID]; ok && client != nil {
if client, ok := clientMap[*account.ClientID]; ok && client != nil {
clientLastSeenAt = client.LastSeenAt
clientDeviceName = client.DeviceName
if presenceClientMap != nil {
if activeClientID, ok := presenceClientMap[account.DesktopID]; ok && activeClientID == *resolvedClientID {
if activeClientID, ok := presenceClientMap[account.DesktopID]; ok && activeClientID == *account.ClientID {
online = true
}
}