Update token validation error message and add rate limiting to export endpoint

XIYUEKONGLING · XIYUEKONGLING · commit 3397fa95ba08 · 2025-12-22T23:54:49.000+08:00
diff --git a/OpenBioCardServer/Controllers/Classic/ClassicAdminController.cs b/OpenBioCardServer/Controllers/Classic/ClassicAdminController.cs
@@ -51,7 +51,7 @@ public async Task<IActionResult> CheckPermission([FromBody] ClassicAdminRequest
 
             if (account.UserName != request.Username)
             {
-                return Unauthorized(new ClassicErrorResponse("Token does not match username"));
+                return Unauthorized(new ClassicErrorResponse("Invalid token"));
             }
 
             if (!await _authService.HasAdminPermissionAsync(account))
diff --git a/OpenBioCardServer/Controllers/Classic/ClassicUserController.cs b/OpenBioCardServer/Controllers/Classic/ClassicUserController.cs
@@ -1,4 +1,6 @@
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.RateLimiting;
+using OpenBioCardServer.Constants;
 using OpenBioCardServer.Models.DTOs.Classic;
 using OpenBioCardServer.Models.DTOs.Classic.General;
 using OpenBioCardServer.Models.DTOs.Classic.Profile;
@@ -94,6 +96,7 @@ public async Task<IActionResult> UpdateProfile(string username, [FromBody] Class
     /// Export user data (requires authentication)
     /// </summary>
     [HttpGet("{username}/export")]
+    [EnableRateLimiting(RateLimitPolicies.General)]
     public async Task<IActionResult> ExportData(string username)
     {
         var token = GetTokenFromHeader();

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ public async Task<IActionResult> CheckPermission([FromBody] ClassicAdminRequest`
`51`	`51`
`52`	`52`	`if (account.UserName != request.Username)`
`53`	`53`	`{`
`54`		`- return Unauthorized(new ClassicErrorResponse("Token does not match username"));`
	`54`	`+ return Unauthorized(new ClassicErrorResponse("Invalid token"));`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`if (!await _authService.HasAdminPermissionAsync(account))`