feat: 忘记密码升级为智能分流向导并部署IP/账号双层防扫防轰炸限流保护

This commit is contained in:
pllx
2026-07-01 11:11:20 +08:00
parent 879dcb0b59
commit b098639db5
6 changed files with 633 additions and 49 deletions
@@ -19,6 +19,7 @@ use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Str;
/**
@@ -37,6 +38,64 @@ class PasswordResetController extends Controller
]);
}
/**
* 账号检测接口:根据昵称检测是否绑定微信或邮箱,并提供分流依据(支持 IP 防扫限流)。
*/
public function checkAccount(Request $request): JsonResponse
{
$request->validate([
'username' => 'required|string|max:100',
]);
$username = trim((string) $request->input('username'));
$ip = $request->ip();
// IP 防扫描节流限制:每个 IP 每 1 分钟最多请求 5 次
$ipKey = 'pw-check:ip:'.$ip;
if (RateLimiter::tooManyAttempts($ipKey, 5)) {
$seconds = RateLimiter::availableIn($ipKey);
return response()->json([
'status' => 'error',
'message' => "账号检测请求过于频繁,请在 {$seconds} 秒后重试。",
], 429);
}
RateLimiter::hit($ipKey, 60);
$user = User::query()->where('username', $username)->first();
if (! $user) {
return response()->json([
'status' => 'not_found',
'message' => '抱歉,没有找到该昵称对应的账号。请确认后再试。',
]);
}
$hasEmail = ! empty($user->email);
$hasWechat = ! empty($user->wxid);
// 对邮箱地址进行安全脱敏(如 pllx@ay.lc -> p***x@ay.lc
$maskedEmail = '';
if ($hasEmail) {
$parts = explode('@', $user->email);
$name = $parts[0] ?? '';
$domain = $parts[1] ?? '';
$len = strlen($name);
if ($len <= 2) {
$maskedEmail = substr($name, 0, 1).'*'.'@'.$domain;
} else {
$maskedEmail = substr($name, 0, 1).str_repeat('*', $len - 2).substr($name, -1).'@'.$domain;
}
}
return response()->json([
'status' => 'success',
'username' => $user->username,
'has_email' => $hasEmail,
'has_wechat' => $hasWechat,
'masked_email' => $maskedEmail,
]);
}
/**
* 发送邮箱找回密码链接。
*/
@@ -49,7 +108,42 @@ class PasswordResetController extends Controller
], 403);
}
$email = trim((string) $request->string('email'));
$email = trim((string) $request->input('email', ''));
$username = trim((string) $request->input('username', ''));
$ip = $request->ip();
if ($username !== '') {
$user = User::query()->where('username', $username)->first();
if (! $user || empty($user->email)) {
return response()->json([
'status' => 'error',
'message' => '找不到绑定了邮箱的账号。',
], 422);
}
$email = $user->email;
}
// 1. IP 级别发信限流:限制单个 IP 每分钟最多请求 2 次
$ipKey = 'pw-email:ip:'.$ip;
if (RateLimiter::tooManyAttempts($ipKey, 2)) {
$seconds = RateLimiter::availableIn($ipKey);
return response()->json([
'status' => 'error',
'message' => "发送验证链接过于频繁,请在 {$seconds} 秒后重试。",
], 429);
}
// 2. 账号邮箱级别冷却锁:同一个邮箱每 3 分钟限发 1 次,防止狂刷邮件轰炸他人
$targetKey = 'pw-email:target:'.md5($email);
if (RateLimiter::tooManyAttempts($targetKey, 1)) {
$seconds = RateLimiter::availableIn($targetKey);
return response()->json([
'status' => 'error',
'message' => "该账号申请重置链接过于频繁,请在 {$seconds} 秒后重试。",
], 429);
}
// 邮箱找回必须保证一邮一号,否则重置目标会产生歧义。
if (User::query()->where('email', $email)->count() > 1) {
@@ -59,6 +153,10 @@ class PasswordResetController extends Controller
], 422);
}
// 记录发信请求频率
RateLimiter::hit($ipKey, 60);
RateLimiter::hit($targetKey, 180);
$status = Password::sendResetLink(['email' => $email]);
if ($status === Password::RESET_LINK_SENT) {
@@ -31,7 +31,8 @@ class SendPasswordResetLinkRequest extends FormRequest
public function rules(): array
{
return [
'email' => ['required', 'email', 'max:255'],
'email' => ['required_without:username', 'nullable', 'email', 'max:255'],
'username' => ['required_without:email', 'nullable', 'string', 'max:100'],
];
}
@@ -43,9 +44,9 @@ class SendPasswordResetLinkRequest extends FormRequest
public function messages(): array
{
return [
'email.required' => '请输入已绑定账号的邮箱地址。',
'email.email' => '邮箱格式不正确,请重新输入。',
'email.max' => '邮箱长度不能超过 255 个字符。',
'email.required_without' => '请输入绑定邮箱或用户昵称。',
];
}
}
+184 -21
View File
@@ -1,6 +1,7 @@
// 邮箱找回密码页交互入口,负责 AJAX 发送重置链接和页面提示。
// 忘记密码页交互逻辑:智能账号检测与分流引导
let passwordForgotControlsBound = false;
let currentUsername = "";
/**
* 读取 CSRF 令牌,供找回密码请求使用。
@@ -30,33 +31,73 @@ function showAlert(message, type) {
}
/**
* 提交邮箱找回密码请求
* 隐藏找回密码页面提示
*
* @returns {void}
*/
function hideAlert() {
const alertBox = document.getElementById("alert-box");
if (alertBox) {
alertBox.style.display = "none";
}
}
/**
* 绑定双绑定状态下的选项卡切换事件。
*
* @returns {void}
*/
function bindTabEvents() {
const tabsContainer = document.getElementById("channel-tabs");
if (!tabsContainer) {
return;
}
tabsContainer.addEventListener("click", (event) => {
const btn = event.target.closest(".tab-btn");
if (!btn) {
return;
}
// 清除所有高亮
tabsContainer.querySelectorAll(".tab-btn").forEach((b) => b.classList.remove("active"));
btn.classList.add("active");
// 切换显示面板
const targetId = btn.getAttribute("data-target");
document.querySelectorAll(".channel-pane").forEach((pane) => {
if (pane.id === targetId) {
pane.style.display = "block";
} else {
pane.style.display = "none";
}
});
});
}
/**
* 第一步:提交昵称检测账号绑定状态。
*
* @param {SubmitEvent} event
* @returns {Promise<void>}
*/
async function submitPasswordRecovery(event) {
async function submitAccountDetect(event) {
event.preventDefault();
const form = event.target;
const submitButton = document.getElementById("submit-btn");
const alertBox = document.getElementById("alert-box");
const detectBtn = document.getElementById("detect-btn");
if (!(form instanceof HTMLFormElement)) {
return;
}
if (submitButton instanceof HTMLButtonElement) {
submitButton.disabled = true;
submitButton.innerText = "发送中...";
}
if (alertBox) {
alertBox.style.display = "none";
if (detectBtn instanceof HTMLButtonElement) {
detectBtn.disabled = true;
detectBtn.innerText = "账号检索中...";
}
hideAlert();
try {
const response = await fetch(form.getAttribute("data-password-email-url") ?? form.action, {
const response = await fetch(form.action, {
method: "POST",
credentials: "same-origin",
headers: {
"Content-Type": "application/json",
"X-CSRF-TOKEN": getCsrfToken(),
@@ -66,16 +107,121 @@ async function submitPasswordRecovery(event) {
});
const body = await response.json();
if (response.status === 200 && body.status === "success") {
showAlert(body.message, "success");
form.reset();
if (response.status === 429) {
showAlert(body.message || "请求过于频繁,请稍后再试。", "error");
return;
}
const errorMessage = body.message || (body.errors ? Object.values(body.errors)[0][0] : "邮件发送失败,请稍后重试。");
if (body.status === "not_found") {
showAlert(body.message, "error");
return;
}
if (body.status === "success") {
currentUsername = body.username;
document.getElementById("step-detect").style.display = "none";
document.getElementById("step-result").style.display = "block";
document.getElementById("recovery-title").innerText = "密码找回建议";
document.getElementById("forgot-footer").style.display = "none";
const summary = document.getElementById("detect-summary");
const tabs = document.getElementById("channel-tabs");
const panelWechat = document.getElementById("panel-wechat");
const panelEmail = document.getElementById("panel-email");
const panelNone = document.getElementById("panel-none");
// 默认隐藏所有特定面板
tabs.style.display = "none";
panelWechat.style.display = "none";
panelEmail.style.display = "none";
panelNone.style.display = "none";
const hasEmail = body.has_email;
const hasWechat = body.has_wechat;
if (hasEmail && hasWechat) {
summary.innerHTML = `检测到账号 <strong style="color:var(--gold);">${currentUsername}</strong> 已同时绑定了微信和邮箱。您可以选择以下任意一种方式找回密码:`;
tabs.style.display = "grid";
// 默认选中微信面板
tabs.querySelectorAll(".tab-btn").forEach((b) => b.classList.remove("active"));
const wechatTabBtn = tabs.querySelector('[data-target="panel-wechat"]');
if (wechatTabBtn) {
wechatTabBtn.classList.add("active");
}
panelWechat.style.display = "block";
} else if (hasWechat) {
summary.innerHTML = `检测到账号 <strong style="color:var(--gold);">${currentUsername}</strong> 仅绑定了微信。系统不支持邮箱找回,建议您使用微信助手进行重置:`;
panelWechat.style.display = "block";
} else if (hasEmail) {
summary.innerHTML = `检测到账号 <strong style="color:var(--gold);">${currentUsername}</strong> 仅绑定了邮箱。建议您使用邮箱发送重置链接找回:`;
panelEmail.style.display = "block";
const emailInput = document.getElementById("email");
if (emailInput instanceof HTMLInputElement) {
emailInput.value = body.masked_email;
}
} else {
summary.innerHTML = `检测到账号 <strong style="color:var(--gold);">${currentUsername}</strong> 尚未绑定微信或邮箱找回途径:`;
panelNone.style.display = "block";
}
}
} catch {
showAlert("网络或服务器连接异常,请稍后再试。", "error");
} finally {
if (detectBtn instanceof HTMLButtonElement) {
detectBtn.disabled = false;
detectBtn.innerText = "下一步 (检测账号)";
}
}
}
/**
* 第二步:提交发送重置链接邮件请求。
*
* @param {SubmitEvent} event
* @returns {Promise<void>}
*/
async function submitPasswordRecovery(event) {
event.preventDefault();
const form = event.target;
const submitButton = document.getElementById("submit-btn");
if (!(form instanceof HTMLFormElement)) {
return;
}
if (submitButton instanceof HTMLButtonElement) {
submitButton.disabled = true;
submitButton.innerText = "发送重置链接中...";
}
hideAlert();
try {
const response = await fetch(form.getAttribute("data-password-email-url") ?? "", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-CSRF-TOKEN": getCsrfToken(),
Accept: "application/json",
},
body: JSON.stringify({
username: currentUsername,
}),
});
const body = await response.json();
if (response.status === 429) {
showAlert(body.message || "请求发送过于频繁,请稍后再试。", "error");
return;
}
if (body.status === "success") {
showAlert(body.message, "success");
return;
}
const errorMessage = body.message || (body.errors ? Object.values(body.errors)[0][0] : "重置邮件发送失败,请稍后重试。");
showAlert(errorMessage, "error");
} catch {
showAlert("网络或服务器异常,请稍后再试。", "error");
showAlert("网络发送异常,请稍后再试。", "error");
} finally {
if (submitButton instanceof HTMLButtonElement) {
submitButton.disabled = false;
@@ -85,7 +231,7 @@ async function submitPasswordRecovery(event) {
}
/**
* 绑定邮箱找回密码页提交事件。
* 绑定智能找回向导控制事件。
*
* @returns {void}
*/
@@ -93,11 +239,28 @@ function bindPasswordForgotControls() {
if (passwordForgotControlsBound || typeof document === "undefined") {
return;
}
passwordForgotControlsBound = true;
// 第一步表单提交
document.getElementById("account-detect-form")?.addEventListener("submit", (event) => {
void submitAccountDetect(event);
});
// 第二步发信表单提交
document.getElementById("password-recovery-form")?.addEventListener("submit", (event) => {
void submitPasswordRecovery(event);
});
// 返回按钮事件
document.getElementById("back-detect-btn")?.addEventListener("click", () => {
hideAlert();
document.getElementById("step-detect").style.display = "block";
document.getElementById("step-result").style.display = "none";
document.getElementById("recovery-title").innerText = "忘记密码";
document.getElementById("forgot-footer").style.display = "block";
});
bindTabEvents();
}
bindPasswordForgotControls();
+181 -25
View File
@@ -182,6 +182,101 @@
line-height: 1.7;
}
/* ── 智能引导 Tab 及微信向导样式 ── */
.tabs {
display: grid;
grid-template-columns: 1fr 1fr;
gap: 2px;
margin-bottom: 20px;
border: 1px solid var(--border);
background: rgba(255, 248, 236, 0.02);
padding: 2px;
}
.tab-btn {
height: 46px;
background: transparent;
border: none;
color: var(--text-soft);
font-size: 14px;
font-weight: 500;
cursor: pointer;
transition: all 0.2s ease;
font-family: inherit;
}
.tab-btn:hover {
color: var(--text);
background: rgba(255, 255, 255, 0.02);
}
.tab-btn.active {
color: var(--gold);
background: rgba(198, 163, 91, 0.08);
font-weight: 700;
}
.wechat-guide {
display: flex;
flex-direction: column;
gap: 12px;
margin-bottom: 18px;
}
.guide-step {
display: flex;
align-items: flex-start;
gap: 12px;
background: rgba(255, 248, 236, 0.02);
border: 1px solid rgba(198, 163, 91, 0.08);
padding: 12px 14px;
}
.step-num {
width: 22px;
height: 22px;
background: var(--gold);
color: var(--bg);
border-radius: 50%;
display: flex;
align-items: center;
justify-content: center;
font-weight: 900;
font-size: 12px;
flex-shrink: 0;
box-shadow: 0 0 10px rgba(198, 163, 91, 0.2);
}
.step-desc {
font-size: 13.5px;
line-height: 1.6;
color: var(--text-soft);
}
.step-desc strong {
color: var(--text);
}
.cmd-badge {
display: inline-block;
padding: 2px 8px;
background: var(--red);
color: #fff;
font-weight: 700;
font-size: 12px;
border-radius: 3px;
margin: 0 4px;
}
.wechat-tip {
border-left: 3px solid var(--gold);
background: rgba(198, 163, 91, 0.03);
padding: 12px;
font-size: 13px;
line-height: 1.6;
color: var(--text-soft);
}
@media (max-width: 640px) {
.content {
padding: 22px 18px 18px;
@@ -198,41 +293,102 @@
<main class="card">
<section class="content">
<div class="eyebrow">PASSWORD RECOVERY</div>
<h1>邮箱找回密码</h1>
<p class="lead">请输入账号已绑定的邮箱地址。系统会把重置密码链接发送到邮箱,您再进入独立页面设置新密码。</p>
<h1 id="recovery-title">忘记密码</h1>
<div id="alert-box" class="alert" aria-live="polite"></div>
<form id="password-recovery-form" data-password-email-url="{{ route('password.email') }}">
<label for="email">绑定邮箱</label>
<input
id="email"
name="email"
type="email"
maxlength="255"
placeholder="请输入账号绑定的邮箱地址"
autocomplete="email"
{{ $smtpEnabled ? '' : 'disabled' }}
required
>
<div class="tip">仅支持已绑定唯一邮箱的账号自助找回。重置链接默认 60 分钟内有效。</div>
<!-- ================== 步骤一:检测账号昵称 ================== -->
<div id="step-detect" class="step-panel">
<p class="lead">请输入您的聊天室用户昵称,小助手将智能查询并为您提供最安全的重置方案。</p>
<form id="account-detect-form" action="{{ route('password.check_account') }}">
<label for="username">账号昵称</label>
<input
id="username"
name="username"
type="text"
maxlength="100"
placeholder="请输入您的聊天室账号昵称"
required
>
<div class="actions">
<button id="detect-btn" type="submit">下一步 (检测账号)</button>
<a class="ghost-link" href="{{ route('home') }}">返回首页</a>
</div>
</form>
</div>
<div class="actions">
<button id="submit-btn" type="submit" {{ $smtpEnabled ? '' : 'disabled' }}>发送重置邮件</button>
<!-- ================== 步骤二:智能找回分流面板 ================== -->
<div id="step-result" class="step-panel" style="display: none;">
<!-- 渠道切换 Tab(仅在双绑定时可见) -->
<div id="channel-tabs" class="tabs" style="display: none;">
<button type="button" class="tab-btn active" data-target="panel-wechat">💬 微信找回 (推荐)</button>
<button type="button" class="tab-btn" data-target="panel-email">📧 邮箱找回</button>
</div>
<!-- 结果提示横幅 -->
<p id="detect-summary" class="lead" style="margin-bottom: 15px; font-weight: 500;"></p>
<!-- 模块一:微信私聊重置指引 -->
<div id="panel-wechat" class="channel-pane" style="display: none;">
<div class="wechat-guide">
<div class="guide-step">
<div class="step-num">1</div>
<div class="step-desc">打开微信,进入与微信助手 <strong>【小小】</strong> 的私发消息窗口。</div>
</div>
<div class="guide-step">
<div class="step-num">2</div>
<div class="step-desc">在对话框中直接输入并发送重置口令:<span class="cmd-badge">重置密码</span></div>
</div>
<div class="guide-step">
<div class="step-num">3</div>
<div class="step-desc">微信小助手将即时为您自动生成 <strong>8位随机新密码</strong> 并直接通过微信回复您!</div>
</div>
</div>
<div class="wechat-tip">
⚠️ <strong>安全提示:</strong> 该操作直接经由微信私聊分发,密码不泄露在大厅公屏,请放心使用。
</div>
</div>
<!-- 模块二:邮箱重置发送表单 -->
<div id="panel-email" class="channel-pane" style="display: none;">
<form id="password-recovery-form" data-password-email-url="{{ route('password.email') }}">
<label for="email">已绑定邮箱</label>
<input
id="email"
name="email"
type="email"
maxlength="255"
placeholder="账号绑定的邮箱地址"
autocomplete="email"
readonly
required
>
<div class="tip" style="margin-bottom: 15px;">出于安全目的,此邮箱仅作脱敏验证。系统将向该邮箱投递密码重置链接。</div>
<button id="submit-btn" type="submit" style="width: 100%;" {{ $smtpEnabled ? '' : 'disabled' }}>发送重置邮件</button>
</form>
</div>
<!-- 模块三:均未绑定提示(无法自助找回) -->
<div id="panel-none" class="channel-pane" style="display: none;">
<div class="wechat-tip" style="border-color: var(--danger); background: rgba(143, 46, 39, 0.08); color: #f5cbc7;">
<strong>无法自助找回:</strong><br>
由于您的账号既未绑定邮箱,也未绑定微信,系统无法验证您的持有权。请联系站长或管理员进行人工核验申诉重置。
</div>
</div>
<!-- 底部返回与重试操作 -->
<div class="actions" style="margin-top: 20px;">
<button id="back-detect-btn" type="button" class="ghost-link" style="color: var(--gold); border-color: rgba(198,163,91,0.4);">返回重新检测</button>
<a class="ghost-link" href="{{ route('home') }}">返回首页</a>
</div>
</form>
</div>
<div class="footer">
@if ($smtpEnabled)
找回成功后,请回到首页使用原昵称和新密码登录聊天室。
@else
当前系统尚未开启邮箱发信服务,暂时无法通过邮箱找回密码。
@endif
<div class="footer" id="forgot-footer">
找回密码成功后,请使用账号昵称和新重置的密码登录聊天室。
</div>
</section>
</main>
</body>
</html>
+1
View File
@@ -47,6 +47,7 @@ Route::post('/login', [AuthController::class, 'login'])
Route::middleware('guest')->group(function () {
Route::get('/forgot-password', [PasswordResetController::class, 'create'])->name('password.request');
Route::post('/forgot-password', [PasswordResetController::class, 'storeLink'])->name('password.email');
Route::post('/forgot-password/check-account', [PasswordResetController::class, 'checkAccount'])->name('password.check_account');
Route::get('/reset-password/{token}', [PasswordResetController::class, 'edit'])->name('password.reset');
Route::post('/reset-password', [PasswordResetController::class, 'update'])->name('password.update');
});
@@ -0,0 +1,165 @@
<?php
/**
* 文件功能:找回密码账号检测与防扫描轰炸限流 Feature 测试
*
* 覆盖密码重置流程中的多维限流阀门,确保 IP 防扫与用户邮箱防轰炸策略稳健起效。
*
* @author ChatRoom Laravel
*
* @version 1.0.0
*/
namespace Tests\Feature;
use App\Models\Sysparam;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\RateLimiter;
use Tests\TestCase;
class PasswordResetRateLimitTest extends TestCase
{
use RefreshDatabase;
protected function setUp(): void
{
parent::setUp();
RateLimiter::clear('pw-check:ip:127.0.0.1');
RateLimiter::clear('pw-email:ip:127.0.0.1');
}
/**
* 测试账号检测:不存在账号返回 404/not_found
*/
public function test_check_account_returns_not_found_when_user_does_not_exist(): void
{
$response = $this->postJson(route('password.check_account'), [
'username' => 'non_existing_user_abc',
]);
$response->assertStatus(200);
$response->assertJson([
'status' => 'not_found',
'message' => '抱歉,没有找到该昵称对应的账号。请确认后再试。',
]);
}
/**
* 测试账号检测分流状态与脱敏邮箱输出
*/
public function test_check_account_shows_correct_channels(): void
{
// 1. 双绑定用户
$bothBoundUser = User::factory()->create([
'username' => 'both_user',
'email' => 'both.test@example.com',
'wxid' => 'wxid_both',
]);
$response1 = $this->postJson(route('password.check_account'), [
'username' => 'both_user',
]);
$response1->assertJson([
'status' => 'success',
'has_email' => true,
'has_wechat' => true,
'masked_email' => 'b*******t@example.com',
]);
// 2. 仅绑定微信用户
$wechatUser = User::factory()->create([
'username' => 'wx_user',
'email' => null,
'wxid' => 'wxid_single',
]);
$response2 = $this->postJson(route('password.check_account'), [
'username' => 'wx_user',
]);
$response2->assertJson([
'status' => 'success',
'has_email' => false,
'has_wechat' => true,
]);
// 3. 均未绑定用户
$noneUser = User::factory()->create([
'username' => 'none_user',
'email' => null,
'wxid' => null,
]);
$response3 = $this->postJson(route('password.check_account'), [
'username' => 'none_user',
]);
$response3->assertJson([
'status' => 'success',
'has_email' => false,
'has_wechat' => false,
]);
}
/**
* 测试 IP 防扫描限流限制 (每个 IP 1分钟限制 5 次检测)
*/
public function test_check_account_rate_limiting(): void
{
$ip = '127.0.0.1';
// 连续请求 5 次都应该正常响应
for ($i = 0; $i < 5; $i++) {
$response = $this->postJson(route('password.check_account'), [
'username' => 'non_existing_user',
]);
$response->assertStatus(200);
}
// 第 6 次应该被 RateLimiter 节流拦截返回 429
$response = $this->postJson(route('password.check_account'), [
'username' => 'non_existing_user',
]);
$response->assertStatus(429);
$response->assertJson([
'status' => 'error',
]);
$this->assertStringContainsString('请求过于频繁', $response->json('message'));
}
/**
* 测试发送链接的双层安全控频防御 (防止疯狂邮件轰炸他人)
*/
public function test_store_link_prevents_email_bombing(): void
{
Sysparam::updateOrCreate(['alias' => 'smtp_enabled'], ['body' => '1']);
$user = User::factory()->create([
'username' => 'bomb_user',
'email' => 'bomb.target@example.com',
]);
$email = $user->email;
$targetKey = 'pw-email:target:'.md5($email);
RateLimiter::clear($targetKey);
// 模拟第一次发送成功
$response1 = $this->postJson(route('password.email'), [
'username' => 'bomb_user',
]);
// 第二次在 3 分钟内再次连续发送同一个账号邮件,应该直接拦截返回 429,防止邮箱轰炸
$response2 = $this->postJson(route('password.email'), [
'username' => 'bomb_user',
]);
$response2->assertStatus(429);
$response2->assertJson([
'status' => 'error',
]);
$this->assertStringContainsString('重置链接过于频繁', $response2->json('message'));
}
}