feat: login email code need

nonhana · nonhana · commit 34cc494389b0 · 2026-01-20T15:04:46.000+08:00
diff --git a/apps/backend/src/app.module.ts b/apps/backend/src/app.module.ts
@@ -7,6 +7,7 @@ import { AllExceptionFilter } from './common/filters/all-exception.filter'
 import { TransformInterceptor } from './common/interceptors/transform.interceptor'
 import { WinstonLogger } from './common/logger/winston-logger.service'
 import { CookieModule } from './cookie/cookie.module'
+import { EmailCodeModule } from './email-code/email-code.module'
 import { EnvConfigModule } from './infra/env-config/env-config.module'
 import { PrismaModule } from './infra/prisma/prisma.module'
 import { RedisModule } from './infra/redis/redis.module'
@@ -38,6 +39,7 @@ import { UtilModule } from './util/util.module'
     ApiModule,
     UtilModule,
     ProxyModule,
+    EmailCodeModule,
   ],
   controllers: [AppController],
   providers: [
diff --git a/apps/backend/src/auth/auth.module.ts b/apps/backend/src/auth/auth.module.ts
@@ -1,6 +1,7 @@
 import { Module } from '@nestjs/common'
 import { AuthGuard } from '@/common/guards/auth.guard'
 import { CookieModule } from '@/cookie/cookie.module'
+import { EmailCodeModule } from '@/email-code/email-code.module'
 import { PrismaModule } from '@/infra/prisma/prisma.module'
 import { SystemConfigModule } from '@/infra/system-config/system-config.module'
 import { SessionModule } from '@/session/session.module'
@@ -13,6 +14,7 @@ import { AuthService } from './auth.service'
     PrismaModule,
     CookieModule,
     SystemConfigModule,
+    EmailCodeModule,
   ],
   controllers: [AuthController],
   providers: [AuthService, AuthGuard],
diff --git a/apps/backend/src/auth/auth.service.ts b/apps/backend/src/auth/auth.service.ts
@@ -4,6 +4,7 @@ import { compare, hash } from 'bcrypt'
 import { HanaException } from '@/common/exceptions/hana.exception'
 import { DEFAULT_COOKIE_MAX_AGE, REMEMBER_ME_COOKIE_MAX_AGE } from '@/constants/cookie'
 import { RoleName } from '@/constants/role'
+import { EmailCodeService } from '@/email-code/email-code.service'
 import { PrismaService } from '@/infra/prisma/prisma.service'
 import { SystemConfigService } from '@/infra/system-config/system-config.service'
 import { SessionService } from '@/session/session.service'
@@ -18,6 +19,7 @@ export class AuthService {
     private readonly prisma: PrismaService,
     private readonly sessionService: SessionService,
     private readonly systemConfigService: SystemConfigService,
+    private readonly emailCodeService: EmailCodeService,
   ) {}
 
   /** 对密码进行哈希处理 */
@@ -209,14 +211,25 @@ export class AuthService {
 
   /** 用户注册 */
   async register(dto: RegisterReqDto) {
-    const registerEnabled = this.systemConfigService.get<boolean>(SystemConfigKey.REGISTER_ENABLED)
-    if (!registerEnabled) {
-      throw new HanaException('REGISTER_DISABLED')
-    }
-
-    const { email, username, name, password, confirmPassword } = dto
+    const { email, verificationCode, username, name, password, confirmPassword } = dto
 
     try {
+      // 系统配置校验
+    // 1. 是否允许注册
+      const registerEnabled = this.systemConfigService.get<boolean>(SystemConfigKey.REGISTER_ENABLED)
+      if (!registerEnabled) {
+        throw new HanaException('REGISTER_DISABLED')
+      }
+
+      // 2. 是否需要邮箱验证
+      const registerEmailVerify = this.systemConfigService.get<boolean>(SystemConfigKey.REGISTER_EMAIL_VERIFY)
+      if (registerEmailVerify) {
+        if (!verificationCode) {
+          throw new HanaException('REGISTER_EMAIL_VERIFY_REQUIRED')
+        }
+        await this.emailCodeService.verifyEmailCode(email, verificationCode)
+      }
+
       // 验证密码确认
       if (password !== confirmPassword) {
         throw new HanaException('PASSWORD_MISMATCH')
diff --git a/apps/backend/src/auth/dto/register.dto.ts b/apps/backend/src/auth/dto/register.dto.ts
@@ -1,10 +1,15 @@
-import { IsEmail, IsNotEmpty, IsString, Length, Matches, MinLength } from 'class-validator'
+import { IsEmail, IsNotEmpty, IsOptional, IsString, Length, Matches, MinLength } from 'class-validator'
 
 export class RegisterReqDto {
   @IsEmail({}, { message: '请输入有效的邮箱地址' })
   @IsNotEmpty({ message: '邮箱不能为空' })
   email: string
 
+  @IsOptional()
+  @IsString({ message: '验证码必须是字符串' })
+  @Length(6, 6, { message: '验证码长度必须是 6 位数字' })
+  verificationCode?: string
+
   @IsString({ message: '用户名必须是字符串' })
   @Length(3, 20, { message: '用户名长度必须在3-20位之间' })
   @Matches(/^[\w-]+$/, {
diff --git a/apps/backend/src/email-code/dto/email.dto.ts b/apps/backend/src/email-code/dto/email.dto.ts
@@ -0,0 +1,7 @@
+import { IsEmail, IsNotEmpty } from 'class-validator'
+
+export class EmailDto {
+  @IsEmail({}, { message: '请输入有效的邮箱地址' })
+  @IsNotEmpty({ message: '邮箱不能为空' })
+  email: string
+}
diff --git a/apps/backend/src/email-code/dto/index.ts b/apps/backend/src/email-code/dto/index.ts
@@ -0,0 +1 @@
+export * from './email.dto'
diff --git a/apps/backend/src/email-code/email-code.controller.ts b/apps/backend/src/email-code/email-code.controller.ts
@@ -0,0 +1,19 @@
+import { Body, Controller, Post } from '@nestjs/common'
+import { Public } from '@/common/decorators/public.decorator'
+import { ResMsg } from '@/common/decorators/res-msg.decorator'
+import { EmailDto } from './dto'
+import { EmailCodeService } from './email-code.service'
+
+@Controller('email-code')
+export class EmailCodeController {
+  constructor(private readonly emailCodeService: EmailCodeService) {}
+
+  /** 发送邮箱验证码 */
+  @Public()
+  @Post('send')
+  @ResMsg('验证码已发送')
+  async sendEmailCode(@Body() dto: EmailDto): Promise<void> {
+    const { email } = dto
+    await this.emailCodeService.sendEmailCode(email)
+  }
+}
diff --git a/apps/backend/src/email-code/email-code.module.ts b/apps/backend/src/email-code/email-code.module.ts
@@ -0,0 +1,12 @@
+import { Module } from '@nestjs/common'
+import { UtilModule } from '@/util/util.module'
+import { EmailCodeController } from './email-code.controller'
+import { EmailCodeService } from './email-code.service'
+
+@Module({
+  imports: [UtilModule],
+  controllers: [EmailCodeController],
+  providers: [EmailCodeService],
+  exports: [EmailCodeService],
+})
+export class EmailCodeModule {}
diff --git a/apps/backend/src/email-code/email-code.service.ts b/apps/backend/src/email-code/email-code.service.ts
@@ -0,0 +1,66 @@
+import { randomInt } from 'node:crypto'
+import { Inject, Injectable, Logger } from '@nestjs/common'
+import { Redis } from 'ioredis'
+import { HanaException } from '@/common/exceptions/hana.exception'
+import { REDIS_CLIENT } from '@/infra/redis/redis.module'
+import { UtilService } from '@/util/util.service'
+
+@Injectable()
+export class EmailCodeService {
+  private readonly logger = new Logger(EmailCodeService.name)
+  private readonly verificationCodeTTL = 5 * 60 // 5 分钟，单位：秒
+
+  constructor(
+    private readonly utilService: UtilService,
+    @Inject(REDIS_CLIENT) private readonly redisClient: Redis,
+  ) {}
+
+  // [0, 1000000) 之间的安全整数，左侧补零至 6 位
+  private genCode() {
+    return randomInt(0, 1000000).toString().padStart(6, '0')
+  }
+
+  // 获取 Redis 中验证码的 Key
+  private getCodeKey(email: string) {
+    return `email:code:${email}`
+  }
+
+  /** 发送邮箱验证码 */
+  async sendEmailCode(email: string) {
+    try {
+      const code = this.genCode()
+      const key = this.getCodeKey(email)
+
+      await this.redisClient.setex(key, this.verificationCodeTTL, code)
+
+      await this.utilService.sendMail({
+        to: email,
+        subject: '【Apiplayer】账号安全验证码',
+        text: `你的验证码是 ${code} ，5 分钟内有效。如非本人操作，请忽略本邮件。`,
+        html: `<p>你的验证码是 <strong>${code}</strong> ，5 分钟内有效。</p><p>如果不是你本人操作，请尽快检查账号安全。</p>`,
+      })
+
+      this.logger.log(`为邮箱 ${email} 发送了邮箱验证码`)
+    }
+    catch (error) {
+      if (error instanceof HanaException) {
+        throw error
+      }
+      this.logger.error('发送邮箱验证码失败:', error)
+      throw new HanaException('INTERNAL_SERVER_ERROR')
+    }
+  }
+
+  /** 校验邮箱验证码 */
+  async verifyEmailCode(email: string, code: string) {
+    const key = this.getCodeKey(email)
+    const storedCode = await this.redisClient.get(key)
+
+    if (!storedCode || storedCode !== code) {
+      throw new HanaException('INVALID_VERIFICATION_CODE')
+    }
+
+    // 校验通过后立即删除验证码
+    await this.redisClient.del(key)
+  }
+}
diff --git a/apps/backend/src/user/user.controller.ts b/apps/backend/src/user/user.controller.ts
@@ -1,4 +1,4 @@
-import { Body, Controller, Get, Patch, Post, Query, UseGuards } from '@nestjs/common'
+import { Body, Controller, Get, Patch, Query, UseGuards } from '@nestjs/common'
 import { plainToInstance } from 'class-transformer'
 import { ReqUser } from '@/common/decorators/req-user.decorator'
 import { UserDetailInfoDto } from '@/common/dto/user.dto'
@@ -29,14 +29,6 @@ export class UserController {
     return plainToInstance(UserDetailInfoDto, result)
   }
 
-  /** 发送用于敏感信息修改的邮箱验证码 */
-  @Post('profile/verification-code')
-  async sendProfileVerificationCode(
-    @ReqUser('id') userId: string,
-  ): Promise<void> {
-    await this.userService.sendProfileVerificationCode(userId)
-  }
-
   /** 分页搜索用户 */
   @Get('search')
   async searchUsers(
diff --git a/apps/backend/src/user/user.module.ts b/apps/backend/src/user/user.module.ts
@@ -1,12 +1,12 @@
 import { Module } from '@nestjs/common'
 import { AuthModule } from '@/auth/auth.module'
+import { EmailCodeModule } from '@/email-code/email-code.module'
 import { PrismaModule } from '@/infra/prisma/prisma.module'
-import { UtilModule } from '@/util/util.module'
 import { UserController } from './user.controller'
 import { UserService } from './user.service'
 
 @Module({
-  imports: [PrismaModule, AuthModule, UtilModule],
+  imports: [PrismaModule, AuthModule, EmailCodeModule],
   controllers: [UserController],
   providers: [UserService],
   exports: [UserService],
diff --git a/apps/backend/src/user/user.service.ts b/apps/backend/src/user/user.service.ts
@@ -1,37 +1,22 @@
-import { Inject, Injectable, Logger } from '@nestjs/common'
-import Redis from 'ioredis'
+import { Injectable, Logger } from '@nestjs/common'
 import { UserUpdateInput, UserWhereInput } from 'prisma/generated/models'
 import { AuthService } from '@/auth/auth.service'
 import { HanaException } from '@/common/exceptions/hana.exception'
+import { EmailCodeService } from '@/email-code/email-code.service'
 import { PrismaService } from '@/infra/prisma/prisma.service'
-import { REDIS_CLIENT } from '@/infra/redis/redis.module'
-import { UtilService } from '@/util/util.service'
 import { SearchUsersReqDto } from './dto/search-users.dto'
 import { UpdateUserProfileReqDto } from './dto/update-profile.dto'
 
 @Injectable()
 export class UserService {
   private readonly logger = new Logger(UserService.name)
-  private readonly verificationCodeTTL = 5 * 60 // 5 分钟，单位：秒
 
   constructor(
     private readonly prisma: PrismaService,
     private readonly authService: AuthService,
-    private readonly utilService: UtilService,
-    @Inject(REDIS_CLIENT) private readonly redisClient: Redis,
+    private readonly emailCodeService: EmailCodeService,
   ) {}
 
-  /** 生成用于安全操作的邮箱验证码 */
-  private generateVerificationCode(): string {
-    const code = Math.floor(100000 + Math.random() * 900000)
-    return code.toString()
-  }
-
-  /** 获取用户验证码在 Redis 中的 key */
-  private getVerificationCodeKey(userId: string): string {
-    return `user:profile:verification:${userId}`
-  }
-
   /** 获取用户详细资料 */
   async getUserProfile(userId: string) {
     try {
@@ -53,46 +38,6 @@ export class UserService {
     }
   }
 
-  /** 发送用于修改邮箱 / 密码等敏感信息的邮箱验证码 */
-  async sendProfileVerificationCode(userId: string) {
-    try {
-      const user = await this.prisma.user.findUnique({
-        where: { id: userId },
-      })
-
-      if (!user) {
-        throw new HanaException('USER_NOT_FOUND')
-      }
-
-      if (!user.isActive) {
-        throw new HanaException('ACCOUNT_DISABLED')
-      }
-
-      const code = this.generateVerificationCode()
-      const key = this.getVerificationCodeKey(userId)
-
-      // 将验证码写入 Redis，并设置过期时间
-      await this.redisClient.setex(key, this.verificationCodeTTL, code)
-
-      // 通过统一的邮件发送服务发送验证码
-      await this.utilService.sendMail({
-        to: user.email,
-        subject: '【Apiplayer】账号安全验证码',
-        text: `你的验证码是 ${code} ，5 分钟内有效。如非本人操作，请忽略本邮件。`,
-        html: `<p>你的验证码是 <strong>${code}</strong> ，5 分钟内有效。</p><p>如果不是你本人操作，请尽快检查账号安全。</p>`,
-      })
-
-      this.logger.log(`为用户 ${user.id} 发送了邮箱验证码`)
-    }
-    catch (error) {
-      if (error instanceof HanaException) {
-        throw error
-      }
-      this.logger.error('发送邮箱验证码失败:', error)
-      throw new HanaException('INTERNAL_SERVER_ERROR')
-    }
-  }
-
   /** 更新用户个人资料（邮箱 / 密码 变更需校验验证码） */
   async updateUserProfile(dto: UpdateUserProfileReqDto, userId: string) {
     const {
@@ -126,16 +71,7 @@ export class UserService {
         if (!verificationCode) {
           throw new HanaException('INVALID_VERIFICATION_CODE')
         }
-
-        const key = this.getVerificationCodeKey(userId)
-        const storedCode = await this.redisClient.get(key)
-
-        if (!storedCode || storedCode !== verificationCode) {
-          throw new HanaException('INVALID_VERIFICATION_CODE')
-        }
-
-        // 校验通过后立即失效，防止重复使用
-        await this.redisClient.del(key)
+        await this.emailCodeService.verifyEmailCode(user.email, verificationCode)
       }
 
       const updateData: UserUpdateInput = {}
diff --git a/apps/backend/src/util/util.controller.ts b/apps/backend/src/util/util.controller.ts
@@ -4,6 +4,7 @@ import type { JsonValue } from 'type-fest'
 import type { MailProvider } from '@/infra/email/email.types'
 import { Body, Controller, Post, Req, UseGuards } from '@nestjs/common'
 import { Schema } from 'json-schema-faker'
+import { Public } from '@/common/decorators/public.decorator'
 import { HanaException } from '@/common/exceptions/hana.exception'
 import { AuthGuard } from '@/common/guards/auth.guard'
 import { UPLOADS_URL_PREFIX } from '@/constants/file-upload'
@@ -46,6 +47,7 @@ export class UtilController {
 
   /** 发送邮件 */
   @Post('email/send')
+  @Public()
   async sendEmail(
     @Body() body: SendEmailDto,
   ): Promise<{ id?: string, provider: MailProvider }> {
@@ -64,6 +66,7 @@ export class UtilController {
 
   /** 生成 Schema mock 数据 */
   @Post('schema-mock')
+  @Public()
   async getSchemaMock(
     @Body() body: Schema,
   ): Promise<JsonValue> {
diff --git a/apps/backend/src/util/util.module.ts b/apps/backend/src/util/util.module.ts
@@ -1,4 +1,4 @@
-import { Module } from '@nestjs/common'
+import { forwardRef, Module } from '@nestjs/common'
 import { AuthModule } from '@/auth/auth.module'
 import { ResendMailService } from '@/infra/email/resend-mail.service'
 import { LocalUploadService } from '@/infra/upload/local-upload.service'
@@ -7,7 +7,7 @@ import { UtilController } from './util.controller'
 import { UtilService } from './util.service'
 
 @Module({
-  imports: [AuthModule],
+  imports: [forwardRef(() => AuthModule)],
   controllers: [UtilController],
   providers: [UtilService, LocalUploadService, ResendMailService, R2Service],
   exports: [UtilService],
diff --git a/apps/frontend/src/api/email-code.ts b/apps/frontend/src/api/email-code.ts
@@ -0,0 +1,7 @@
+import http from '@/service'
+
+export const emailCodeApi = {
+  /** 发送邮箱验证码 */
+  sendEmailCode: (email: string) =>
+    http.post('email-code/send', { json: { email } }).json<void>(),
+} as const
diff --git a/apps/frontend/src/api/user.ts b/apps/frontend/src/api/user.ts
diff --git a/apps/frontend/src/components/settings/menu/Account.vue b/apps/frontend/src/components/settings/menu/Account.vue
diff --git a/apps/frontend/src/validators/register.ts b/apps/frontend/src/validators/register.ts
diff --git a/apps/frontend/src/views/auth/RegisterView.vue b/apps/frontend/src/views/auth/RegisterView.vue
diff --git a/packages/shared/src/errors.ts b/packages/shared/src/errors.ts
