登录时,增加检查nonce的格式

2024-03-29 11:18:52 +08:00 · 2024-03-29 11:18:52 +08:00 · 8c3a3593bf
commit 8c3a3593bf
parent 3970e91700
1 changed files with 4 additions and 0 deletions
--- a/src/controllers/sign.controller.ts
+++ b/src/controllers/sign.controller.ts
@ -12,6 +12,7 @@ import { aesDecrypt } from 'zutils/utils/security.util'
 import { base58ToHex } from 'zutils/utils/string.util'
 import { ActivityGame } from 'models/ActivityGame'
 import { SCORE_INVITE_USER, SCORE_SOCIAL_TASK } from 'common/Constants'
+import { isObjectIdString } from 'common/Utils'

 const LOGIN_TIP = 'This signature is just to verify your identity'

@ -60,6 +61,9 @@ class SignController extends BaseController {
        nonce = nonceStr
      }
    }
+    if (!isObjectIdString(nonce)) {
+      throw new ZError(11, 'nonce invalid')
+    }
    let record = await NonceRecord.findById(nonce)
    if (!record || record.status !== 0) {
      throw new ZError(12, 'nonce invalid')