chatroom/app/Http/Controllers/Api/VerificationController.php


<?php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\SysParam;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Mail;
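class VerificationController extends Controller
{
    /**
     * Send the one-time code needed to bind (or change) the user's e-mail address.
     *
     * Flow: validate the address, check the global SMTP switch, enforce a
     * 60-second per-user throttle, generate and cache a 6-digit code for
     * 5 minutes, then mail it to the requested address.
     *
     * Security notes:
     *  - The code is a secret, so it is drawn from random_int() (CSPRNG).
     *    mt_rand() is a Mersenne Twister whose output is predictable and is
     *    not suitable for verification codes.
     *  - The throttle is taken with Cache::add(), which only writes when the
     *    key is absent, so two concurrent requests cannot both pass a
     *    separate has()/put() check.
     *  - Mail transport errors are reported server-side only; the raw
     *    exception message is not returned to the client because it can
     *    contain SMTP host names or other configuration details.
     *  - NOTE(review): the endpoint that checks the code is not in this
     *    file. A 6-digit code has only 900000 values, so that endpoint
     *    needs its own attempt limit and should delete the code after use;
     *    confirm there.
     *  - NOTE(review): the throttle is keyed by user id only, not by the
     *    target address, so it does not limit mail sent to one address from
     *    several accounts.
     *
     * @param Request $request Expects an `email` field; the authenticated user is read from the request.
     * @return JsonResponse 200 on success, 403 when SMTP is disabled, 429 when throttled, 500 on send failure.
     */
    public function sendEmailCode(Request $request): JsonResponse
    {
        $request->validate([
            'email' => 'required|email'
        ]);

        $email = $request->input('email');
        $user = $request->user();

        // 1. Global switch: outbound mail must be enabled in the system parameters.
        if (SysParam::where('alias', 'smtp_enabled')->value('body') !== '1') {
            return response()->json([
                'status' => 'error',
                'message' => '抱歉,当前系统未开启外部邮件发信服务,请联系管理员。'
            ], 403);
        }

        // 2. Rate limit: one send per user every 60 seconds.
        //    The lock value is its own expiry timestamp, so the remaining wait
        //    can be computed without asking the cache store for a TTL
        //    (the original called Cache::ttl(), which Laravel's cache
        //    repository does not appear to provide).
        $throttleKey = 'email_throttle_' . $user->id;
        $throttleSeconds = 60;
        $throttleUntil = now()->addSeconds($throttleSeconds)->getTimestamp();

        if (!Cache::add($throttleKey, $throttleUntil, $throttleSeconds)) {
            $storedUntil = Cache::get($throttleKey);
            // Some stores hand numbers back as strings; a non-numeric value
            // (e.g. a lock written by the previous code) falls back to the full window.
            $ttl = is_numeric($storedUntil)
                ? max(1, (int) $storedUntil - now()->getTimestamp())
                : $throttleSeconds;

            return response()->json([
                'status' => 'error',
                'message' => "发送过于频繁,请等待 {$ttl} 秒后再试。"
            ], 429);
        }

        // 3. Generate a 6-digit code from the CSPRNG and cache it for 5 minutes.
        //    The value stays an int and the key format is unchanged so that the
        //    code which later reads this entry keeps working.
        $code = random_int(100000, 999999);
        $codeKey = 'email_verify_code_' . $user->id . '_' . $email;
        Cache::put($codeKey, $code, now()->addMinutes(5));

        // 4. Send the mail.
        try {
            Mail::raw("【飘落的流星】聊天室\n\n您正在试图绑定或修改您的验证邮箱。\n该操作的验证码为:{$code}\n打死不要告诉其他人哦验证码5分钟内有效。", function ($msg) use ($email) {
                $msg->to($email)->subject('飘落流星聊天室 - 绑定邮箱验证码');
            });

            return response()->json([
                'status' => 'success',
                'message' => '验证码已发送,请注意查收邮件。'
            ]);
        } catch (\Throwable $e) {
            // Sending failed: release the throttle so the user can retry at
            // once, and drop the code that was never delivered.
            Cache::forget($throttleKey);
            Cache::forget($codeKey);

            // Keep the transport details in the server log only.
            report($e);

            return response()->json([
                'status' => 'error',
                'message' => '邮件系统发送异常,请稍后再试。'
            ], 500);
        }
    }
}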