⚡ implement email verification feature, add captcha validation middleware, and enhance user authentication flow

2025-09-05 16:56:22 +00:00 · 2025-07-22 08:50:16 +08:00
parent 6187425df6
commit a0d215fa2e
26 changed files with 844 additions and 50 deletions
--- a/internal/middleware/captcha.go
+++ b/internal/middleware/captcha.go
@ -3,10 +3,35 @@ package middleware
 import (
 	"context"
 	"github.com/cloudwego/hertz/pkg/app"
+	"github.com/sirupsen/logrus"
+	"github.com/snowykami/neo-blog/pkg/resps"
+	"github.com/snowykami/neo-blog/pkg/utils"
 )

+// UseCaptcha 中间件函数，用于X-Captcha-Token验证码
 func UseCaptcha() app.HandlerFunc {
+	captchaConfig := utils.Captcha.GetCaptchaConfigFromEnv()
 	return func(ctx context.Context, c *app.RequestContext) {
-		// TODO: Implement captcha validation logic here
+		CaptchaToken := string(c.GetHeader("X-Captcha-Token"))
+		if utils.IsDevMode && CaptchaToken == utils.Env.Get("CAPTCHA_DEV_PASSCODE", "dev_passcode") {
+			// 开发模式直接通过密钥
+			c.Next(ctx)
+			return
+		}
+		ok, err := utils.Captcha.VerifyCaptcha(captchaConfig, CaptchaToken)
+		if err != nil {
+			logrus.Error("Captcha verification error:", err)
+			resps.InternalServerError(c, "Captcha verification failed")
+			c.Abort()
+			return
+		}
+		if !ok {
+			logrus.Warn("Captcha verification failed for token:", CaptchaToken)
+			resps.Forbidden(c, "Captcha verification failed")
+			c.Abort()
+			return
+		}
+		c.Next(ctx) // 如果验证码验证成功，则继续下一个处理程序
+		return
 	}
 }