.1502411993651747:aea21d92f0384e3557507fa5551e8d36_69f5be91dc48703ced6cf216.69f5beb3dc48703ced6cf221.69f5beb326499c2a7e1f00c3:Trae CN.T(2026/5/2 17:06:59)#2

Open
lovely90133 wants to merge 2 commits into notrealmaurya:main from lovely90133:t3

@lovely90133

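fix(note controller): improve the atomicity and permission check of note updates

Replace findByIdAndUpdate with findOneAndUpdate so that the permission check and the data update happen in the same operation
Avoid potential race conditions and permission-bypass risks

test: add permission-control test script
Verify different users' access to notes to ensure permission control works correctly

Improve the authentication middleware's error handling and token validation logic, adding detection of invalid and expired tokens
Add user ID validation to the note update and delete operations to ensure users can only operate on their own notes
Replace findByIdAndUpdate with findOneAndUpdate so that the permission check and the data update happen in the same operation
Avoid potential race conditions and permission-bypass risks

test: add permission-control test script
Verify different users' access to notes to ensure permission control works correctly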
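
Added example, not part of this pull request or the project's code: the difference between checking ownership and then updating by id, and putting the owner into the update filter. `makeNotes`, the handler names, the `user` field and the ownership-change scenario are assumptions; the store is a constructed synchronous stand-in that only mimics the filter-then-update behaviour of the two calls named above.

```javascript
// Constructed in-memory stand-in for a notes collection. It is NOT Mongoose:
// it only mimics "match a filter, then apply the update" as a single step.
function makeNotes(docs) {
  const rows = docs.map((d) => ({ ...d }));
  const matches = (row, filter) =>
    Object.keys(filter).every((k) => row[k] === filter[k]);
  return {
    findById(id) {
      const row = rows.find((r) => r._id === id);
      return row ? { ...row } : null;
    },
    // Filter and write happen together, like one findOneAndUpdate call.
    findOneAndUpdate(filter, update) {
      const row = rows.find((r) => matches(r, filter));
      if (!row) return null;
      Object.assign(row, update);
      return { ...row };
    },
    // Matches on _id only: the caller's identity plays no part in the write.
    findByIdAndUpdate(id, update) {
      return this.findOneAndUpdate({ _id: id }, update);
    },
  };
}

// Pattern 1: ownership check and write are two separate steps.
// `betweenSteps` (hypothetical hook) stands for anything that runs while a
// real handler is awaiting the database between the read and the write.
function updateCheckThenWrite(notes, userId, noteId, update, betweenSteps) {
  const note = notes.findById(noteId);
  if (!note || note.user !== userId) return { status: 404 };
  if (betweenSteps) betweenSteps();
  return { status: 200, note: notes.findByIdAndUpdate(noteId, update) };
}

// Pattern 2: the owner is part of the filter, so check and write are one step.
function updateAtomic(notes, userId, noteId, update) {
  const note = notes.findOneAndUpdate({ _id: noteId, user: userId }, update);
  return note ? { status: 200, note } : { status: 404 };
}

// Constructed scenario: the note's owner changes between check and write.
function demo() {
  const seed = [{ _id: 'n1', user: 'alice', title: 'draft' }];
  const a = makeNotes(seed);
  const racy = updateCheckThenWrite(a, 'alice', 'n1', { title: 'late write' },
    () => a.findByIdAndUpdate('n1', { user: 'bob' }));
  const b = makeNotes(seed);
  b.findByIdAndUpdate('n1', { user: 'bob' });
  const atomic = updateAtomic(b, 'alice', 'n1', { title: 'late write' });
  return { racy, atomicStatus: atomic.status, final: b.findById('n1') };
}
```

In the two-step handler the write still lands on a note the caller no longer owns; with the owner in the filter the same request matches nothing and the note is unchanged.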