feat: token 唯一性检测增加 type 和 name

2025-08-10 00:52:40 +00:00 · 2025-06-09 18:42:35 +08:00
parent b0347637bc
commit 64b9505035
2 changed files with 24 additions and 13 deletions
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "sub-store",
-  "version": "2.19.62",
+  "version": "2.19.63",
  "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and Shadowrocket.",
  "main": "src/main.js",
  "scripts": {
--- a/backend/src/restful/token.js
+++ b/backend/src/restful/token.js
@@ -53,6 +53,16 @@ async function signToken(req, res) {
    try {
        const { payload, options } = req.body;
        const ms = eval(`require("ms")`);
+        const type = payload?.type;
+        const name = payload?.name;
+        if (!type || !name)
+            return failed(
+                res,
+                new RequestInvalidError(
+                    'INVALID_PAYLOAD',
+                    `payload type and name are required`,
+                ),
+            );
        let token = payload?.token;
        if (token != null) {
            if (typeof token !== 'string' || token.length < 1) {
@@ -65,7 +75,12 @@ async function signToken(req, res) {
                );
            }
            const tokens = $.read(TOKENS_KEY) || [];
-            if (tokens.find((t) => t.token === token)) {
+            if (
+                tokens.find(
+                    (t) =>
+                        t.token === token && t.type === type && t.name === name,
+                )
+            ) {
                return failed(
                    res,
                    new RequestInvalidError(
@@ -75,16 +90,7 @@ async function signToken(req, res) {
                );
            }
        }
-        const type = payload?.type;
-        const name = payload?.name;
-        if (!type || !name)
-            return failed(
-                res,
-                new RequestInvalidError(
-                    'INVALID_PAYLOAD',
-                    `payload type and name are required`,
-                ),
-            );
+
        if (type === 'col') {
            const collections = $.read(COLLECTIONS_KEY) || [];
            const collection = collections.find((c) => c.name === name);
@@ -153,7 +159,12 @@ async function signToken(req, res) {
        if (!token) {
            do {
                token = nanoid.customAlphabet(nanoid.urlAlphabet)();
-            } while (tokens.find((t) => t.token === token));
+            } while (
+                tokens.find(
+                    (t) =>
+                        t.token === token && t.type === type && t.name === name,
+                )
+            );
        }
        tokens.push({
            ...payload,