fix(token): 在editTokenName中添加用户权限检查

添加用户权限验证，确保只有token所有者可以修改token名称

Author: zxdong262

api/token.ts

@@ -43,7 +43,7 @@ export default async function token (req: VercelRequest, res: VercelResponse): P
     })
   } else if (method === 'PATCH') {
     if (name !== undefined) {
-      const r = await editTokenName(tokenId, name).catch(handleError)
+      const r = await editTokenName(tokenId, name, user).catch(handleError)
       res.send(r)
       return
     }

src/server/control/token.ts

@@ -101,7 +101,10 @@ export async function reToken (id: string, user: User): Promise<Object> {
   }
 }
 
-export async function editTokenName (id: string, name: string): Promise<Object> {
+export async function editTokenName (id: string, name: string, user: User): Promise<Object> {
+  if (!user.tokenIds.includes(id)) {
+    throw new Error('Token not found or access denied')
+  }
   await TokenModel.update({ id }, {
     name
   })