From d25fbac8e9d5e3149e1111bb17ba8a0cfc0b40dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=BA=90=E6=96=87=E9=9B=A8?=
 <41315874+fumiama@users.noreply.github.com>
Date: Mon, 8 May 2023 14:43:47 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=20login?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/login.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/backend/login.go b/backend/login.go
index 53b2b9e..6dee461 100644
--- a/backend/login.go
+++ b/backend/login.go
@@ -27,6 +27,7 @@ var (
 	errWrongPassword       = errors.New("invalid username or password")
 	errTooManyFailedLogins = errors.New("too many failed logins")
 	errAccountIsDisabled   = errors.New("account is disabled")
+	errUserTokenFull       = errors.New("user token full")
 )
 
 const (
@@ -143,6 +144,14 @@ func login(username, challenge string) (*loginResult, error) {
 		return nil, err
 	}
 	token := base64.RawStdEncoding.EncodeToString(buf[:])
+	cnt := 0
+	for usertokens.Get(token) != nil && cnt < 4096 {
+		token = base64.RawStdEncoding.EncodeToString(buf[:])
+		cnt++
+	}
+	if cnt >= 4096 {
+		return nil, errUserTokenFull
+	}
 	usertokens.Set(token, &user)
 	loginstatus.Store(username, loginStatusYes)
 	return &loginResult{