From e4b730c8dbcb7227207f0696c1e2d3c73f7ae53c Mon Sep 17 00:00:00 2001
From: congsh <congsh@jiulu-gameplay.com.cn>
Date: Sat, 18 Apr 2026 19:52:34 +0800
Subject: [PATCH] fix(phase3): subscription leak, image mime type validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Ledger store: add stopSubscription() to properly clean up realtime
  subscriptions, matching asset store pattern
- LedgerList: call stopSubscription on unmount
- Assets migration: restrict image upload to image/* mime types
  (C3 updateRule is a known tradeoff — PocketBase lacks field-level
  permissions, frontend enforces edit restrictions instead)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .../pb_migrations/1776510002_created_assets.js    |  2 +-
 frontend/src/components/ledger/LedgerList.vue     |  6 +++++-
 frontend/src/stores/ledger.ts                     | 15 ++++++++++++---
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/backend/pb_migrations/1776510002_created_assets.js b/backend/pb_migrations/1776510002_created_assets.js
index 4720384..14495c5 100644
--- a/backend/pb_migrations/1776510002_created_assets.js
+++ b/backend/pb_migrations/1776510002_created_assets.js
@@ -112,7 +112,7 @@ migrate((db) => {
         "presentable": false,
         "unique": false,
         "options": {
-          "mimeTypes": null,
+          "mimeTypes": ["image/*"],
           "thumbs": ["200x200"],
           "maxSelect": 1,
           "maxSize": 5242880,
diff --git a/frontend/src/components/ledger/LedgerList.vue b/frontend/src/components/ledger/LedgerList.vue
index 7bbb909..e560086 100644
--- a/frontend/src/components/ledger/LedgerList.vue
+++ b/frontend/src/components/ledger/LedgerList.vue
@@ -1,5 +1,5 @@
 <script setup lang="ts">
-import { ref, computed, onMounted, watch } from 'vue'
+import { ref, computed, onMounted, onUnmounted, watch } from 'vue'
 import { ElMessage, ElMessageBox } from 'element-plus'
 import { Plus } from '@element-plus/icons-vue'
 import { useLedgerStore } from '@/stores/ledger'
@@ -139,6 +139,10 @@ onMounted(() => {
   }
 })
 
+onUnmounted(() => {
+  ledgerStore.stopSubscription()
+})
+
 watch(() => groupStore.currentGroupId, (newId, oldId) => {
   if (newId && newId !== oldId) {
     loadData()
diff --git a/frontend/src/stores/ledger.ts b/frontend/src/stores/ledger.ts
index f25885a..fba3cc7 100644
--- a/frontend/src/stores/ledger.ts
+++ b/frontend/src/stores/ledger.ts
@@ -16,6 +16,7 @@ export const useLedgerStore = defineStore('ledger', () => {
   const loading = ref(false)
   const summary = ref({ totalIncome: 0, totalExpense: 0, balance: 0 })
   const currentMonth = ref(new Date().toISOString().slice(0, 7))
+  let unsubFn: (() => Promise<void> | void) | null = null
 
   // 加载账目列表和汇总
   async function loadLedgers(groupId: string, month?: string) {
@@ -78,12 +79,19 @@ export const useLedgerStore = defineStore('ledger', () => {
 
   // 订阅实时更新
   async function startSubscription(groupId: string) {
-    await subscribeLedgers(groupId, () => {
-      // 收到变更后重新加载当前月份的数据
+    stopSubscription()
+    unsubFn = await subscribeLedgers(groupId, () => {
       loadLedgers(groupId)
     })
   }
 
+  function stopSubscription() {
+    if (unsubFn) {
+      unsubFn()
+      unsubFn = null
+    }
+  }
+
   return {
     ledgers,
     loading,
@@ -94,6 +102,7 @@ export const useLedgerStore = defineStore('ledger', () => {
     addLedger,
     editLedger,
     removeLedger,
-    startSubscription
+    startSubscription,
+    stopSubscription
   }
 })