fix: harden wechat mp oauth

packages/client-mobile/src/views/HomeView.vue

@@ -24,7 +24,7 @@ function isWechatBrowser(): boolean {
 /**
  * 用code完成登录
  */
-async function loginWithCode(code: string) {
+async function loginWithCode(code: string, state?: string) {
   isProcessing.value = true;
   showLoadingToast({ message: '登录中...', forbidClick: true });
 
@@ -32,7 +32,7 @@ async function loginWithCode(code: string) {
     const response = await fetch(`${apiUrl}/api/mp/login`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ code }),
+      body: JSON.stringify({ code, state }),
     });
 
     const result = await response.json();
@@ -92,11 +92,12 @@ async function redirectToWechatAuth() {
 async function handleWechatAuth() {
   // 检查URL中是否有code参数（授权回调）
   const code = route.query.code as string;
+  const state = route.query.state as string;
 
   if (code) {
     // 有code，用code完成登录
     console.log('[HomeView] Got code from callback, logging in...');
-    await loginWithCode(code);
+    await loginWithCode(code, state);
   } else {
     // 无code，跳转到授权页面
     console.log('[HomeView] No code, redirecting to auth...');