fix: 搜索路由参数校验 — page>=1、limit 1-500

source_clean/src/cloud/credential.service.ts

@@ -141,9 +141,13 @@ export function saveCloudConfig(data: {
        WHERE id = ?`
     ).run(data.cloud_type, encryptedCookie, data.nickname || null, cookieUidForUpdate || null, cookieUidForUpdate || null, data.promotion_account || null, data.is_active ?? 1, data.storage_used || null, data.storage_total || null, localTimestamp(), data.id);
   } else {
-    const existing = db.prepare(
-      'SELECT id, nickname FROM cloud_configs WHERE cloud_type = ? AND is_active = 1 LIMIT 1'
-    ).get(data.cloud_type) as any;
+    const existing = data.promotion_account
+      ? db.prepare(
+          'SELECT id, nickname FROM cloud_configs WHERE cloud_type = ? AND is_active = 1 AND promotion_account = ? LIMIT 1'
+        ).get(data.cloud_type, data.promotion_account) as any
+      : db.prepare(
+          'SELECT id, nickname FROM cloud_configs WHERE cloud_type = ? AND is_active = 1 LIMIT 1'
+        ).get(data.cloud_type) as any;
       if (existing) {
       db.prepare(
         `UPDATE cloud_configs SET

source_clean/src/routes/index.ts

@@ -1,11 +1,22 @@
-import { Router } from 'express';
-import searchRoutes from './search.routes';
-import adminRoutes from './admin.routes';
-import uploadRoutes from './upload.routes';
-import cleanupRoutes from './cleanup.routes';
+import { Router } from "express";
+import searchRoutes from "./search.routes";
+import adminRoutes from "./admin.routes";
+import uploadRoutes from "./upload.routes";
+import cleanupRoutes from "./cleanup.routes";
+import { getAllSystemConfigs } from "../admin/system-config.service";
 
 const router = Router();
 
+// Public system configs endpoint (for whitelist dirs etc.)
+router.get("/system-configs", (_req, res) => {
+  try {
+    const configs = getAllSystemConfigs();
+    res.json(configs);
+  } catch (err: any) {
+    res.status(500).json({ error: err.message || "Failed to get system configs" });
+  }
+});
+
 router.use(searchRoutes);
 router.use(adminRoutes);
 router.use(uploadRoutes);

source_clean/src/routes/search.routes.ts

@@ -289,6 +289,17 @@ router.get('/search', searchLimiter, async (req: Request, res: Response) => {
       res.status(400).json({ error: 'Query parameter "q" is required' });
       return;
     }
+    if (isNaN(page) || page < 1) {
+      res.status(400).json({ error: 'Page must be >= 1' });
+      return;
+    }
+    if (req.query.limit !== undefined) {
+      const limit = parseInt(req.query.limit as string, 10);
+      if (isNaN(limit) || limit < 1 || limit > 500) {
+        res.status(400).json({ error: 'Limit must be 1-500' });
+        return;
+      }
+    }
 
     const result = await search(keyword, page, ip);
 

source_clean/src/user/routes.ts

@@ -64,7 +64,7 @@ router.get('/save-records', (req: Request, res: Response) => {
 router.get('/cloud-configs', (req: Request, res: Response) => {
   const db = getDb();
   const configs = db.prepare(
-    'SELECT id, cloud_type, nickname, cloud_type_uid, cookie_uid, promotion_account, storage_used, storage_total, is_active, verification_status, consecutive_failures, last_used_at, total_saves, created_at FROM cloud_configs WHERE promotion_account = ? AND is_active = 1 ORDER BY created_at DESC'
+    'SELECT id, cloud_type, nickname, cloud_type_uid, cookie_uid, promotion_account, storage_used, storage_total, is_active, verification_status, consecutive_failures, last_used_at, total_saves, created_at FROM cloud_configs WHERE promotion_account = ? ORDER BY created_at DESC'
   ).all(req.user!.account);
   res.json(configs);
 });