修复重置订阅API的错误

2026-04-18 00:34:10 +08:00
parent d341138c8a
commit 64655932b1
7 changed files with 29 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ dist/
 frontend/admin/reverse/node_modules/
 log
 sqldes
+api.exe
--- a/internal/handler/admin_extra_api.go
+++ b/internal/handler/admin_extra_api.go
@@ -207,7 +207,7 @@ func AdminUserResetSecret(c *gin.Context) {
 		return
 	}
 	newUUID := uuid.NewString()
-	newToken := strings.ReplaceAll(uuid.NewString(), "-", "")
+	newToken := service.GenerateSubscriptionToken()
 	if err := database.DB.Model(&model.User{}).
 		Where("id = ?", payload.ID).
 		Updates(map[string]any{"uuid": newUUID, "token": newToken}).Error; err != nil {
--- a/internal/handler/auth_api.go
+++ b/internal/handler/auth_api.go
@@ -1,7 +1,6 @@
 package handler

 import (
-	"crypto/md5"
 	"crypto/rand"
 	"encoding/hex"
 	"fmt"
@@ -84,12 +83,11 @@ func Register(c *gin.Context) {
 	}

 	now := time.Now().Unix()
-	tokenRaw := fmt.Sprintf("%x", md5.Sum([]byte(time.Now().String()+req.Email)))
 	user := model.User{
 		Email:     req.Email,
 		Password:  hashedPassword,
 		UUID:      uuid.New().String(),
-		Token:     tokenRaw[:16],
+		Token:     service.GenerateSubscriptionToken(),
 		CreatedAt: now,
 		UpdatedAt: now,
 	}
--- a/internal/handler/auth_handler.go
+++ b/internal/handler/auth_handler.go
@@ -3,12 +3,11 @@
 package handler

 import (
-	"crypto/md5"
-	"fmt"
 	"net/http"
 	"time"
 	"xboard-go/internal/database"
 	"xboard-go/internal/model"
+	"xboard-go/internal/service"
 	"xboard-go/pkg/utils"

 	"github.com/gin-gonic/gin"
@@ -78,9 +77,7 @@ func Register(c *gin.Context) {
 	}

 	newUUID := uuid.New().String()
-	// Generate a 16-character random token for compatibility
-	tokenRaw := fmt.Sprintf("%x", md5.Sum([]byte(time.Now().String()+req.Email)))
-	token := tokenRaw[:16]
+	token := service.GenerateSubscriptionToken()

 	user := model.User{
 		Email:     req.Email,
--- a/internal/handler/user_api.go
+++ b/internal/handler/user_api.go
@@ -115,7 +115,7 @@ func UserResetSecurity(c *gin.Context) {
 	}

 	newUUID := uuid.New().String()
-	newToken := fmt.Sprintf("%x", md5.Sum([]byte(time.Now().String()+user.Email)))[:16]
+	newToken := service.GenerateSubscriptionToken()
 	if err := database.DB.Model(&model.User{}).
 		Where("id = ?", user.ID).
 		Updates(map[string]any{"uuid": newUUID, "token": newToken, "updated_at": time.Now().Unix()}).Error; err != nil {
--- a/internal/service/plugin.go
+++ b/internal/service/plugin.go
@@ -1,9 +1,7 @@
 package service

 import (
-	"crypto/md5"
 	"encoding/json"
-	"fmt"
 	"strconv"
 	"strings"
 	"time"
@@ -101,7 +99,7 @@ func SyncIPv6ShadowAccount(user *model.User) bool {
 		ipv6User.ID = 0
 		ipv6User.Email = ipv6Email
 		ipv6User.UUID = uuid.New().String()
-		ipv6User.Token = fmt.Sprintf("%x", md5.Sum([]byte(time.Now().String()+ipv6Email)))[:16]
+		ipv6User.Token = GenerateSubscriptionToken()
 		ipv6User.U = 0
 		ipv6User.D = 0
 		ipv6User.T = 0
--- a/internal/service/token.go
+++ b/internal/service/token.go
@@ -0,0 +1,18 @@
+package service
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+)
+
+// GenerateSubscriptionToken returns a 32-character hex token compatible with
+// XBoard-style subscription URLs.
+func GenerateSubscriptionToken() string {
+	buf := make([]byte, 16)
+	if _, err := rand.Read(buf); err != nil {
+		// Fall back to zero-value encoding only in the unlikely event random
+		// source fails; callers still get a stable-length token.
+		return hex.EncodeToString(buf)
+	}
+	return hex.EncodeToString(buf)
+}