增强:聊天室内修改绑定邮箱时强制要求邮件验证码校验,并增加 60 秒发送频率限制防滥发机制

2026-02-27 10:02:33 +08:00
parent 739ca15cba
commit ea7331dd98
4 changed files with 178 additions and 1 deletions


@@ -64,6 +64,30 @@ class UserController extends Controller
{
$user = Auth::user();
$data = $request->validated();
// 当用户试图更新邮箱,并且新邮箱不等于当前旧邮箱时启动验证码拦截
if (isset($data['email']) && $data['email'] !== $user->email) {
// 首先判断系统开关是否开启,没开启直接禁止修改邮箱
if (\App\Models\SysParam::where('alias', 'smtp_enabled')->value('body') !== '1') {
return response()->json(['status' => 'error', 'message' => '系统未开启邮件服务,当前禁止绑定/修改邮箱。'], 403);
}
$emailCode = $request->input('email_code');
if (empty($emailCode)) {
return response()->json(['status' => 'error', 'message' => '新邮箱需要验证码,请先获取并填写验证码。'], 422);
}
// 获取缓存的验证码
$codeKey = 'email_verify_code_' . $user->id . '_' . $data['email'];
$cachedCode = \Illuminate\Support\Facades\Cache::get($codeKey);
if (!$cachedCode || $cachedCode != $emailCode) {
return response()->json(['status' => 'error', 'message' => '验证码不正确或已过期有效期5分钟请重新获取。'], 422);
}
// 验证成功后,立即核销该验证码防止二次利用
\Illuminate\Support\Facades\Cache::forget($codeKey);
}
$user->update($data);
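Review bot: The check on the `$cachedCode != $emailCode` line uses a loose comparison, and nothing in this hunk bounds failed attempts, so a code can be guessed repeatedly for its whole lifetime (5 minutes per the error message) because it is only forgotten on success. Loose `!=` compares numeric strings by value, so constructed examples such as `'012345'` and `'12345'` count as equal; I would compare as strings in constant time, `if (!is_scalar($emailCode) || !$cachedCode || !hash_equals((string) $cachedCode, (string) $emailCode))`, bearing in mind that how the code is stored is not visible here. For guessing, keep a failure counter in the cache next to `$codeKey` and forget the code after a small number of misses, unless the route already carries a throttle defined elsewhere. The enclosing method starts and ends outside this hunk.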