c6b3de1199
## 变更内容
### CI/CD
- 添加 GitHub Actions 工作流(test + golangci-lint)
- 添加 golangci-lint 配置,启用 errcheck/govet/staticcheck/unused/depguard
- 通过 depguard 强制 service 层不能直接导入 repository
### 错误处理修复
- 修复 CSV 写入、SSE 流式输出、随机数生成等未处理的错误
- GenerateRedeemCode() 现在返回 error
### 资源泄露修复
- 统一使用 defer func() { _ = xxx.Close() }() 模式
### 代码清理
- 移除未使用的常量
- 简化 nil map 检查
- 统一代码格式
85 lines
2.4 KiB
Go
85 lines
2.4 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"log"
|
|
)
|
|
|
|
var (
|
|
ErrTurnstileVerificationFailed = errors.New("turnstile verification failed")
|
|
ErrTurnstileNotConfigured = errors.New("turnstile not configured")
|
|
)
|
|
|
|
// TurnstileVerifier 验证 Turnstile token 的接口
|
|
type TurnstileVerifier interface {
|
|
VerifyToken(ctx context.Context, secretKey, token, remoteIP string) (*TurnstileVerifyResponse, error)
|
|
}
|
|
|
|
// TurnstileService Turnstile 验证服务
|
|
type TurnstileService struct {
|
|
settingService *SettingService
|
|
verifier TurnstileVerifier
|
|
}
|
|
|
|
// TurnstileVerifyResponse Cloudflare Turnstile 验证响应
|
|
type TurnstileVerifyResponse struct {
|
|
Success bool `json:"success"`
|
|
ChallengeTS string `json:"challenge_ts"`
|
|
Hostname string `json:"hostname"`
|
|
ErrorCodes []string `json:"error-codes"`
|
|
Action string `json:"action"`
|
|
CData string `json:"cdata"`
|
|
}
|
|
|
|
// NewTurnstileService 创建 Turnstile 服务实例
|
|
func NewTurnstileService(settingService *SettingService, verifier TurnstileVerifier) *TurnstileService {
|
|
return &TurnstileService{
|
|
settingService: settingService,
|
|
verifier: verifier,
|
|
}
|
|
}
|
|
|
|
// VerifyToken 验证 Turnstile token
|
|
func (s *TurnstileService) VerifyToken(ctx context.Context, token string, remoteIP string) error {
|
|
// 检查是否启用 Turnstile
|
|
if !s.settingService.IsTurnstileEnabled(ctx) {
|
|
log.Println("[Turnstile] Disabled, skipping verification")
|
|
return nil
|
|
}
|
|
|
|
// 获取 Secret Key
|
|
secretKey := s.settingService.GetTurnstileSecretKey(ctx)
|
|
if secretKey == "" {
|
|
log.Println("[Turnstile] Secret key not configured")
|
|
return ErrTurnstileNotConfigured
|
|
}
|
|
|
|
// 如果 token 为空,返回错误
|
|
if token == "" {
|
|
log.Println("[Turnstile] Token is empty")
|
|
return ErrTurnstileVerificationFailed
|
|
}
|
|
|
|
log.Printf("[Turnstile] Verifying token for IP: %s", remoteIP)
|
|
result, err := s.verifier.VerifyToken(ctx, secretKey, token, remoteIP)
|
|
if err != nil {
|
|
log.Printf("[Turnstile] Request failed: %v", err)
|
|
return fmt.Errorf("send request: %w", err)
|
|
}
|
|
|
|
if !result.Success {
|
|
log.Printf("[Turnstile] Verification failed, error codes: %v", result.ErrorCodes)
|
|
return ErrTurnstileVerificationFailed
|
|
}
|
|
|
|
log.Println("[Turnstile] Verification successful")
|
|
return nil
|
|
}
|
|
|
|
// IsEnabled 检查 Turnstile 是否启用
|
|
func (s *TurnstileService) IsEnabled(ctx context.Context) bool {
|
|
return s.settingService.IsTurnstileEnabled(ctx)
|
|
}
|