安全修复：加固CSRF与凭证保护并修复越权风险

services/kdocs_uploader.py

@@ -325,6 +325,10 @@ class KDocsUploader:
             if self._context is None:
                 storage_state = getattr(config, "KDOCS_LOGIN_STATE_FILE", "data/kdocs_login_state.json")
                 if use_storage_state and os.path.exists(storage_state):
+                    try:
+                        os.chmod(storage_state, 0o600)
+                    except Exception:
+                        pass
                     self._context = self._browser.new_context(storage_state=storage_state)
                 else:
                     self._context = self._browser.new_context()
@@ -837,8 +841,18 @@ class KDocsUploader:
     def _save_login_state(self) -> None:
         try:
             storage_state = getattr(config, "KDOCS_LOGIN_STATE_FILE", "data/kdocs_login_state.json")
-            os.makedirs(os.path.dirname(storage_state), exist_ok=True)
+            state_dir = os.path.dirname(storage_state)
+            if state_dir:
+                os.makedirs(state_dir, mode=0o700, exist_ok=True)
+                try:
+                    os.chmod(state_dir, 0o700)
+                except Exception:
+                    pass
             self._context.storage_state(path=storage_state)
+            try:
+                os.chmod(storage_state, 0o600)
+            except Exception:
+                pass
         except Exception as e:
             logger.warning(f"[KDocs] 保存登录态失败: {e}")