fix: 令牌驗證額外添加是否為有效令牌

* 如果解密無效, 直接返回一個無效的令牌, 並加以判斷
2025-09-25 12:12:12 +08:00
parent 9cc3a2149e
commit 4fa3e16ab7
4 changed files with 16 additions and 8 deletions
--- a/server/api/UserApi.ts
+++ b/server/api/UserApi.ts
@@ -26,7 +26,7 @@ export default class UserApi extends BaseApi {
                    msg: "登錄令牌失效",
                    code: 401,
                }
-                if (!User.findById(access_token.author)) return {
+                if (!access_token.author || !User.findById(access_token.author)) return {
                    msg: "賬號不存在",
                    code: 401,
                }