From 8c3a3593bf4ff48034d2d013f01a6a6506bf7b5b Mon Sep 17 00:00:00 2001
From: CounterFire2023 <136581895+CounterFire2023@users.noreply.github.com>
Date: Fri, 29 Mar 2024 11:18:52 +0800
Subject: [PATCH] =?UTF-8?q?=E7=99=BB=E5=BD=95=E6=97=B6,=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E6=A3=80=E6=9F=A5nonce=E7=9A=84=E6=A0=BC=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/controllers/sign.controller.ts | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/controllers/sign.controller.ts b/src/controllers/sign.controller.ts
index c4428fa..749c338 100644
--- a/src/controllers/sign.controller.ts
+++ b/src/controllers/sign.controller.ts
@@ -12,6 +12,7 @@ import { aesDecrypt } from 'zutils/utils/security.util'
 import { base58ToHex } from 'zutils/utils/string.util'
 import { ActivityGame } from 'models/ActivityGame'
 import { SCORE_INVITE_USER, SCORE_SOCIAL_TASK } from 'common/Constants'
+import { isObjectIdString } from 'common/Utils'
 const LOGIN_TIP = 'This signature is just to verify your identity'
@@ -60,6 +61,9 @@ class SignController extends BaseController {
 nonce = nonceStr
 }
 }
+ if (!isObjectIdString(nonce)) {
+ throw new ZError(11, 'nonce invalid')
+ }
 let record = await NonceRecord.findById(nonce)
 if (!record || record.status !== 0) {
 throw new ZError(12, 'nonce invalid')
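Review bot: The new guard in front of `NonceRecord.findById(nonce)` is only as strict as `isObjectIdString`, whose body in `common/Utils` is not part of this patch; if it is a regex `.test()`, a non-string `nonce` would be coerced to a string before matching and could pass. Making the type explicit at the call site removes that dependency: `if (typeof nonce !== 'string' || !isObjectIdString(nonce)) {`. A one-line comment above the check would also record the intent, e.g. `// reject malformed ids before findById so the lookup never receives a value it cannot cast to ObjectId`. The enclosing method starts and ends outside the hunk, so where `nonce` is read from and whether the record's `status` is updated atomically after this lookup cannot be confirmed from here.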