安全修复：加固CSRF与凭证保护并修复越权风险

routes/api_schedules.py

@@ -9,6 +9,7 @@ import time as time_mod
 import uuid
 
 import database
+from app_logger import get_logger
 from flask import Blueprint, jsonify, request
 from flask_login import current_user, login_required
 from services.accounts_service import load_user_accounts
@@ -17,6 +18,7 @@ from services.state import safe_get_account, safe_get_user_accounts_snapshot
 from services.tasks import submit_account_task
 
 api_schedules_bp = Blueprint("api_schedules", __name__)
+logger = get_logger("app")
 
 _HHMM_RE = re.compile(r"^(\d{1,2}):(\d{2})$")
 
@@ -391,4 +393,5 @@ def delete_schedule_logs_api(schedule_id):
         deleted = database.delete_schedule_logs(schedule_id, current_user.id)
         return jsonify({"success": True, "deleted": deleted})
     except Exception as e:
-        return jsonify({"error": str(e)}), 500
+        logger.warning(f"[schedules] 清空定时任务日志失败(schedule_id={schedule_id}): {e}")
+        return jsonify({"error": "清空日志失败，请稍后重试"}), 500