Merge commit from fork

fix: harden token search with pagination, rate limiting and input validation
2026-03-30 00:46:42 +00:00 · 2026-02-06 17:54:40 +08:00
parent f3d6e99b28 3e1be18310
commit 053699fa98
11 changed files with 282 additions and 20 deletions
--- a/common/constants.go
+++ b/common/constants.go
@@ -175,6 +175,10 @@ var (

 	DownloadRateLimitNum            = 10
 	DownloadRateLimitDuration int64 = 60
+
+	// Per-user search rate limit (applies after authentication, keyed by user ID)
+	SearchRateLimitNum            = 10
+	SearchRateLimitDuration int64 = 60
 )

 var RateLimitKeyExpirationDuration = 20 * time.Minute
--- a/common/utils.go
+++ b/common/utils.go
@@ -192,7 +192,7 @@ func Interface2String(inter interface{}) string {
 	case int:
 		return fmt.Sprintf("%d", inter.(int))
 	case float64:
-		return fmt.Sprintf("%f", inter.(float64))
+		return strconv.FormatFloat(inter.(float64), 'f', -1, 64)
 	case bool:
 		if inter.(bool) {
 			return "true"