Add validation and logging improvements based on code review

Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
2025-11-08 15:06:08 +08:00 · 2025-11-07 16:32:04 +00:00 · 2025-11-07 16:32:04 +00:00 · 5e7e39753c
commit 5e7e39753c
parent 013f44b2bd
2 changed files with 29 additions and 8 deletions
--- a/back/services/user.ts
+++ b/back/services/user.ts
@ -193,6 +193,11 @@ export default class UserService {
  }

  public async logout(platform: string, tokenValue: string): Promise<any> {
+    if (!platform || !tokenValue) {
+      this.logger.warn('Invalid logout parameters - empty platform or token');
+      return;
+    }
+
    const authInfo = await this.getAuthInfo();

    // Verify the token exists before attempting to remove it
@ -203,6 +208,9 @@ export default class UserService {
    );
    if (!tokenExists && authInfo.token !== tokenValue) {
      // Token not found, but don't throw error - user may have already logged out
+      this.logger.info(
+        `Logout attempted for non-existent token on platform: ${platform}`,
+      );
      return;
    }

@ -430,6 +438,14 @@ export default class UserService {
    tokenInfo: TokenInfo,
    maxTokensPerPlatform: number = config.maxTokensPerPlatform,
  ): Record<string, TokenInfo[]> {
+    // Validate maxTokensPerPlatform parameter
+    if (!Number.isInteger(maxTokensPerPlatform) || maxTokensPerPlatform < 1) {
+      this.logger.warn(
+        `Invalid maxTokensPerPlatform value: ${maxTokensPerPlatform}, using default`,
+      );
+      maxTokensPerPlatform = config.maxTokensPerPlatform;
+    }
+
    const normalized = this.normalizeTokens(tokens);

    if (!normalized[platform]) {
--- a/back/shared/auth.ts
+++ b/back/shared/auth.ts
@ -27,15 +27,20 @@ export function isValidToken(

  // Check platform-specific tokens (support both legacy string and new TokenInfo[] format)
  const platformTokens = tokens[platform];
-  if (platformTokens) {
-    if (typeof platformTokens === 'string') {
-      // Legacy format: single string token
-      return headerToken === platformTokens;
-    } else if (Array.isArray(platformTokens)) {
-      // New format: array of TokenInfo objects
-      return platformTokens.some((t: TokenInfo) => t.value === headerToken);
-    }
+
+  // Handle null/undefined platformTokens
+  if (platformTokens === null || platformTokens === undefined) {
+    return false;
  }

+  if (typeof platformTokens === 'string') {
+    // Legacy format: single string token
+    return headerToken === platformTokens;
+  } else if (Array.isArray(platformTokens)) {
+    // New format: array of TokenInfo objects
+    return platformTokens.some((t: TokenInfo) => t && t.value === headerToken);
+  }
+
+  // Unexpected type - log warning and reject
  return false;
 }