From 4fa3e16ab7577cc7168f9b6c63e4dd2dcd616420 Mon Sep 17 00:00:00 2001 From: CrescentLeaf Date: Thu, 25 Sep 2025 12:12:12 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BB=A4=E7=89=8C=E9=A9=97=E8=AD=89?= =?UTF-8?q?=E9=A1=8D=E5=A4=96=E6=B7=BB=E5=8A=A0=E6=98=AF=E5=90=A6=E7=82=BA?= =?UTF-8?q?=E6=9C=89=E6=95=88=E4=BB=A4=E7=89=8C=20*=20=E5=A6=82=E6=9E=9C?= =?UTF-8?q?=E8=A7=A3=E5=AF=86=E7=84=A1=E6=95=88,=20=E7=9B=B4=E6=8E=A5?= =?UTF-8?q?=E8=BF=94=E5=9B=9E=E4=B8=80=E5=80=8B=E7=84=A1=E6=95=88=E7=9A=84?= =?UTF-8?q?=E4=BB=A4=E7=89=8C,=20=E4=B8=A6=E5=8A=A0=E4=BB=A5=E5=88=A4?= =?UTF-8?q?=E6=96=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/api/BaseApi.ts | 2 +- server/api/FileTokenManager.ts | 10 +++++++--- server/api/TokenManager.ts | 10 +++++++--- server/api/UserApi.ts | 2 +- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/server/api/BaseApi.ts b/server/api/BaseApi.ts index 437b7e7..06237de 100644 --- a/server/api/BaseApi.ts +++ b/server/api/BaseApi.ts @@ -25,7 +25,7 @@ export default abstract class BaseApi { } checkToken(token: Token, deviceId: string) { if (token.expired_time < Date.now()) return false - if (!User.findById(token.author)) return false + if (!token.author || !User.findById(token.author)) return false if (deviceId != null) if (token.device_id != deviceId) return false diff --git a/server/api/FileTokenManager.ts b/server/api/FileTokenManager.ts index 5f53877..a781617 100644 --- a/server/api/FileTokenManager.ts +++ b/server/api/FileTokenManager.ts 
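Review bot: The expiry test on the context line just above the changed guard, `token.expired_time < Date.now()`, evaluates to false when `expired_time` is undefined, so the empty object that TokenManager.decode now returns on failure passes it and is stopped only by the new `!token.author` test. I would make the expiry check fail closed as well, e.g. `if (typeof token.expired_time !== 'number' || token.expired_time < Date.now()) return false`, so that rejection does not depend on a single field. The UserApi.ts hunk adds the same author guard; whatever expiry test precedes it lies outside that hunk and would want the same treatment. checkToken's body continues past the end of this hunk.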
@@ -22,9 +22,13 @@ export default class FileTokenManager { } static decode(token: string) { if (token == null) throw new Error('令牌為空!') - return JSON.parse(crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key + '_file'), '01234567890123456').update( - Buffer.from(token, 'hex') - ).toString()) as Token + try { + return JSON.parse(crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key + '_file'), '01234567890123456').update( + Buffer.from(token, 'hex') + ).toString()) as Token + } catch(e) { + throw new Error('令牌無效!') + } } /** diff --git a/server/api/TokenManager.ts b/server/api/TokenManager.ts index 0eb2d13..e80da3e 100644 --- a/server/api/TokenManager.ts +++ b/server/api/TokenManager.ts @@ -23,9 +23,13 @@ export default class TokenManager { } static decode(token: string) { if (token == null) throw new Error('令牌為空!') - return JSON.parse(crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key), '01234567890123456').update( - Buffer.from(token, 'hex') - ).toString()) as Token + try { + return JSON.parse(crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key), '01234567890123456').update( + Buffer.from(token, 'hex') + ).toString()) as Token + } catch(e) { + return {} as Token + } } static make(user: User, time_: number | null | undefined, device_id: string) { diff --git a/server/api/UserApi.ts b/server/api/UserApi.ts index b3b344e..4cad6fb 100644 --- a/server/api/UserApi.ts +++ b/server/api/UserApi.ts @@ -26,7 +26,7 @@ export default class UserApi extends BaseApi { msg: "登錄令牌失效", code: 401, } - if (!User.findById(access_token.author)) return { + if (!access_token.author || !User.findById(access_token.author)) return { msg: "賬號不存在", code: 401, }
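Review bot: The new `catch` in `decode` fires only when `JSON.parse` rejects the decrypted bytes, because the decipher is driven with `update()` alone: without `setAuthTag()` and `final()` the GCM tag is never checked, so a modified ciphertext that still parses as JSON is accepted as a token. The IV is also the fixed literal `'01234567890123456'`, while GCM's guarantees depend on a nonce that is never reused under one key. TokenManager.decode in the next hunk has the same two problems. The sketch below shows a verifying decode; it assumes the encoder, which is not part of this diff, is changed to emit a random IV and the tag alongside the ciphertext, and tokens issued in the old format would stop decoding.

```typescript
// … unchanged: signature and null check …
try {
    // Proposed layout, to be matched by the encoder: 12-byte random IV | 16-byte tag | ciphertext
    const raw = Buffer.from(token, 'hex')
    const decipher = crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key + '_file'), raw.subarray(0, 12))
    decipher.setAuthTag(raw.subarray(12, 28))
    // final() throws when the tag does not match, so altered tokens reach the catch
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()])
    return JSON.parse(plain.toString()) as Token
// … unchanged: catch block throwing the invalid-token error …
```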
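Review bot: Returning `{} as Token` from the `catch` hands callers an object whose type says every field is present while all of them are undefined, and it diverges from FileTokenManager.decode, which throws on the same failure. Any caller other than the two patched in this commit has to remember the `author` test, or it will treat the empty object as a usable token. I would signal failure in the type instead, `static decode(token: string): Token | null` with `return null` in the catch, or throw as the file-token variant does. It is also worth checking that the parsed value is an object with the expected fields before the `as Token` cast, since `JSON.parse` can succeed with a non-object value.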