From ceff377d905b1938402ea8a22701fdc97c44cecd Mon Sep 17 00:00:00 2001
From: 237899745 <237899745@users.noreply.git.workyai.cn>
Date: Sat, 4 Apr 2026 00:44:05 +0800
Subject: [PATCH] fix: add CSRF token to delete direct link request

The DELETE /api/direct-link/:id endpoint requires CSRF validation.
Updated api_delete_direct_link to fetch CSRF token before sending
the request, matching the pattern used by api_delete_share.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 desktop-client/src-tauri/src/lib.rs | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/desktop-client/src-tauri/src/lib.rs b/desktop-client/src-tauri/src/lib.rs
index 7933ad2..9826380 100644
--- a/desktop-client/src-tauri/src/lib.rs
+++ b/desktop-client/src-tauri/src/lib.rs
@@ -1054,13 +1054,18 @@ async fn api_delete_direct_link(
     base_url: String,
     link_id: i64,
 ) -> Result<BridgeResponse, String> {
-    request_with_optional_csrf(
+    if link_id <= 0 {
+        return Err("无效的直链ID".to_string());
+    }
+
+    let csrf_token = fetch_csrf_token(&state.client, &base_url).await?;
+    let path = format!("/api/direct-link/{}", link_id);
+    request_json(
         &state.client,
         Method::DELETE,
-        &base_url,
-        &format!("/api/direct-link/{}", link_id),
+        join_api_url(&base_url, &path),
         None,
-        false,
+        csrf_token,
     )
     .await
 }