fix(audit): 修复3个审计发现的bug

- migrateCloudConfigs 缺 } 导致 notify_config/cloud_type_uid 嵌套在 promotion_account 内不迁移
- cloud_configs_v2 INSERT/SELECT 缺 cloud_type_uid/cookie_uid 导致数据丢失
- deploy.sh 密码嵌入改成 docker exec -e 传参(防特殊字符注入)

VERSION

@@ -1 +1 @@
-0.4.9
+0.4.13

source_clean/VERSION

@@ -1 +1 @@
-0.4.9
+0.4.13

source_clean/src/cloud/credential.service.ts

@@ -35,9 +35,9 @@ function decryptCookie(encrypted: string): string {
 
 function extractCookieUid(cookie: string): string {
   if (!cookie) return '';
-  let m = cookie.match(/__uid=([a-zA-Z0-9+/=_-]+)/);
+  let m = cookie.match(/__uid=([^;]+)/);
   if (m) return m[1];
-  m = cookie.match(/b-user-id=([a-zA-Z0-9-]+)/);
+  m = cookie.match(/b-user-id=([^;]+)/);
   if (m) return m[1];
   return '';
 }

source_clean/src/database/database.ts

@@ -40,6 +40,7 @@ function runMigrations(db: Database.Database): void {
       cloud_type TEXT NOT NULL,
       cookie TEXT,
       cloud_type_uid TEXT DEFAULT NULL,
+      cookie_uid TEXT DEFAULT NULL,
       nickname TEXT,
       is_active INTEGER NOT NULL DEFAULT 1,
       storage_used TEXT,
@@ -109,6 +110,13 @@ function runMigrations(db: Database.Database): void {
       description TEXT,
       updated_at TEXT NOT NULL DEFAULT (datetime('now', 'localtime'))
     );
+    CREATE TABLE IF NOT EXISTS push_users (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      account TEXT NOT NULL UNIQUE,
+      notify_config TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now','localtime')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now','localtime'))
+    );
 
     CREATE TABLE IF NOT EXISTS content_cache (
       id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -209,6 +217,7 @@ function migrateCloudConfigs(db: Database.Database): void {
         cookie TEXT,
         cloud_type_uid TEXT DEFAULT NULL,
         nickname TEXT,
+        cookie_uid TEXT DEFAULT NULL,
         is_active INTEGER NOT NULL DEFAULT 1,
         storage_used TEXT,
         storage_total TEXT,
@@ -221,8 +230,8 @@ function migrateCloudConfigs(db: Database.Database): void {
         created_at TEXT NOT NULL DEFAULT (datetime('now', 'localtime')),
         updated_at TEXT NOT NULL DEFAULT (datetime('now', 'localtime'))
       );
-      INSERT INTO cloud_configs_v2 (id, cloud_type, cookie, nickname, is_active, storage_used, storage_total, checkin_status, last_checkin_at, checkin_message, consecutive_failures, last_used_at, total_saves, created_at, updated_at)
+      INSERT INTO cloud_configs_v2 (id, cloud_type, cookie, cloud_type_uid, cookie_uid, nickname, is_active, storage_used, storage_total, checkin_status, last_checkin_at, checkin_message, consecutive_failures, last_used_at, total_saves, created_at, updated_at)
-      SELECT id, cloud_type, cookie, nickname, is_active, storage_used, storage_total, COALESCE(checkin_status,'none'), last_checkin_at, checkin_message, COALESCE(consecutive_failures,0), last_used_at, COALESCE(total_saves,0), created_at, updated_at FROM cloud_configs;
+      SELECT id, cloud_type, cookie, cloud_type_uid, cookie_uid, nickname, is_active, storage_used, storage_total, COALESCE(checkin_status,'none'), last_checkin_at, checkin_message, COALESCE(consecutive_failures,0), last_used_at, COALESCE(total_saves,0), created_at, updated_at FROM cloud_configs;
       DROP TABLE cloud_configs;
       ALTER TABLE cloud_configs_v2 RENAME TO cloud_configs;
     `);
@@ -248,6 +257,7 @@ function migrateCloudConfigs(db: Database.Database): void {
   if (!hasPromotionAccount) {
     db.exec("ALTER TABLE cloud_configs ADD COLUMN promotion_account TEXT DEFAULT NULL");
     console.log('[DB] cloud_configs migration: promotion_account column added');
+}
 
   // v0.3.5: notify_config for per-cloud push notification settings
   const hasNotifyConfig = db.prepare("SELECT sql FROM sqlite_master WHERE name='cloud_configs' AND sql LIKE '%notify_config%'").get();