fix: prevent reused account ownership for orphan works

2026-05-27 22:44:01 +08:00
parent 83f73289dc
commit 48dd96d5cd
10 changed files with 450 additions and 25 deletions
--- a/server-rs/crates/api-server/src/state.rs
+++ b/server-rs/crates/api-server/src/state.rs
@@ -35,6 +35,9 @@ use crate::puzzle_gallery_cache::PuzzleGalleryCache;
 use crate::tracking_outbox::TrackingOutbox;
 use crate::wechat_pay::{WechatPayClient, map_wechat_pay_init_error};
 use crate::wechat_provider::build_wechat_provider;
+use crate::work_author::{
+    ORPHAN_WORK_AUTHOR_DISPLAY_NAME, ORPHAN_WORK_AUTHOR_PUBLIC_USER_CODE, ORPHAN_WORK_OWNER_USER_ID,
+};

 const ADMIN_ROLE: &str = "admin";

@@ -361,6 +364,14 @@ impl AppState {
        )?)?;
        let password_entry_service = PasswordEntryService::new(auth_store.clone());
        let auth_user_service = AuthUserService::new(auth_store.clone());
+        auth_user_service
+            .ensure_orphan_work_owner_user(
+                ORPHAN_WORK_OWNER_USER_ID,
+                ORPHAN_WORK_OWNER_USER_ID,
+                ORPHAN_WORK_AUTHOR_DISPLAY_NAME,
+                ORPHAN_WORK_AUTHOR_PUBLIC_USER_CODE,
+            )
+            .map_err(|error| AppStateInitError::AuthStore(error.to_string()))?;
        let phone_auth_service = PhoneAuthService::new(auth_store.clone(), sms_provider);
        let wechat_auth_state_service =
            WechatAuthStateService::new(auth_store.clone(), config.wechat_state_ttl_minutes);