fix(auth): fail closed on token and validation checks

Made-with: Cursor

pro_v3.5.1/app/services/out/OutAccountServices.php

@@ -81,8 +81,9 @@ class OutAccountServices extends BaseServices
         $adminInfo = $services->parseToken(
             $token,
             'out',
-            fn($id) => $this->dao->get($id),
-            fn($adminInfo) => md5($adminInfo->appsecret)
+            fn($id) => $this->dao->getOne(['id' => $id, 'is_del' => 0]),
+            fn($adminInfo) => md5($adminInfo->appsecret),
+            fn($adminInfo) => (int)$adminInfo->status !== 2
         );
 
         return $adminInfo->hidden(['appsecret', 'ip', 'status']);
@@ -177,7 +178,7 @@ class OutAccountServices extends BaseServices
 
         CacheService::redisHandler('out')->delete($md5Token);
 
-        $token = $jwtAuth->createToken($id, $type);
+        $token = $jwtAuth->createToken($id, $type, ['auth' => md5($authInfo->appsecret)]);
         $data['last_time'] = time();
         $data['ip'] = request()->ip();
         $this->dao->update($id, $data);