refactor(server): simplify user ID comparison for locks

- Introduced a new utility function `sameUserId` to streamline user ID comparisons across multiple API endpoints.
- Updated lock validation logic in the skill and agent management routes to utilize the new function, enhancing code readability and maintainability.

server.js

@@ -131,6 +131,12 @@ function getActiveLock(doc) {
   return { userId: doc.lock.userId, by: doc.lock.nickname || doc.lock.by || doc.lock.userId, at: doc.lock.at }
 }
 
+function sameUserId(a, b) {
+  const lhs = String(a ?? '').trim()
+  const rhs = String(b ?? '').trim()
+  return lhs.length > 0 && rhs.length > 0 && lhs === rhs
+}
+
 function extractDescription(files) {
   const skillFile = files.find(f => f.path === 'SKILL.md' || f.path.endsWith('SKILL.md'))
   if (!skillFile) return ''
@@ -423,7 +429,7 @@ app.post('/api/skills/:name/lock', async (req, res) => {
         return res.status(404).json({ success: false, error: 'Skill not found' })
       }
       const activeLock = getActiveLock(skill)
-      if (activeLock && activeLock.userId !== req.user.id) {
+      if (activeLock && !sameUserId(activeLock.userId, req.user.id)) {
         return res.status(423).json({ success: false, error: `${activeLock.by} 正在编辑`, locked_by: activeLock.by })
       }
       await skillsCollection.updateOne(
@@ -449,7 +455,7 @@ app.delete('/api/skills/:name/lock', async (req, res) => {
       }
       const activeLock = getActiveLock(skill)
       const isAdmin = req.user.role === 'admin'
-      if (activeLock && activeLock.userId !== req.user.id && !isAdmin) {
+      if (activeLock && !sameUserId(activeLock.userId, req.user.id) && !isAdmin) {
         return res.status(403).json({ success: false, error: '只能由加锁用户或管理员解锁' })
       }
       await skillsCollection.updateOne(
@@ -544,7 +550,7 @@ app.post('/api/skills/:name/publish', async (req, res) => {
 
       if (existingSkill) {
         const activeLock = getActiveLock(existingSkill)
-        if (activeLock && activeLock.userId !== userId) {
+        if (activeLock && !sameUserId(activeLock.userId, userId)) {
           return res.status(423).json({
             success: false,
             error: `${activeLock.by} 正在编辑，暂时不能发布`,
@@ -846,7 +852,7 @@ app.post('/api/agents/:name/publish', async (req, res) => {
 
       if (existing) {
         const activeLock = getActiveLock(existing)
-        if (activeLock && activeLock.userId !== userId) {
+        if (activeLock && !sameUserId(activeLock.userId, userId)) {
           return res.status(423).json({
             success: false,
             error: `${activeLock.by} 正在编辑，暂时不能发布`,
@@ -916,7 +922,7 @@ app.post('/api/agents/:name/lock', async (req, res, next) => {
       const agent = await agentsCollection.findOne({ name: req.params.name })
       if (!agent) return res.status(404).json({ success: false, error: 'Agent not found' })
       const activeLock = getActiveLock(agent)
-      if (activeLock && activeLock.userId !== req.user.id) {
+      if (activeLock && !sameUserId(activeLock.userId, req.user.id)) {
         return res.status(423).json({ success: false, error: `${activeLock.by} 正在编辑`, locked_by: activeLock.by })
       }
       await agentsCollection.updateOne({ _id: agent._id }, { $set: { lock: { userId: req.user.id, nickname: req.user.nickname || req.user.email, at: new Date().toISOString() } } })
@@ -937,7 +943,7 @@ app.delete('/api/agents/:name/lock', async (req, res, next) => {
       if (!agent) return res.status(404).json({ success: false, error: 'Agent not found' })
       const activeLock = getActiveLock(agent)
       const isAdmin = req.user.role === 'admin'
-      if (activeLock && activeLock.userId !== req.user.id && !isAdmin) {
+      if (activeLock && !sameUserId(activeLock.userId, req.user.id) && !isAdmin) {
         return res.status(403).json({ success: false, error: '只能由加锁用户或管理员解锁' })
       }
       await agentsCollection.updateOne({ _id: agent._id }, { $unset: { lock: '' } })