From d85eeabf11f43aab1e1defcd458b590e2a53fd06 Mon Sep 17 00:00:00 2001
From: Seefs
Date: Sun, 3 Aug 2025 10:41:00 +0800
Subject: [PATCH] fix: coderabbit review
---
 common/totp.go | 5 +----
 controller/twofa.go | 12 +++++++++---
 go.mod | 2 +-
 go.sum | 2 ++
 model/twofa.go | 4 +++-
 web/src/components/auth/TwoFAVerification.js | 10 +++++++++-
 6 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/common/totp.go b/common/totp.go
index ece5bc31..400f9d05 100644
--- a/common/totp.go
+++ b/common/totp.go
@@ -113,10 +113,7 @@ func HashBackupCode(code string) (string, error) {
 // Get2FAIssuer 获取2FA发行者名称
 func Get2FAIssuer() string {
- if issuer := SystemName; issuer != "" {
- return issuer
- }
- return "NewAPI"
+ return SystemName
 }
 // getEnvOrDefault 获取环境变量或默认值
diff --git a/controller/twofa.go b/controller/twofa.go
index 368289c9..2a7016c5 100644
--- a/controller/twofa.go
+++ b/controller/twofa.go
@@ -46,7 +46,7 @@ func Setup2FA(c *gin.Context) {
 })
 return
 }
-
+
 // 如果存在已禁用的2FA记录,先删除它
 if existing != nil && !existing.IsEnabled {
 if err := existing.Delete(); err != nil {
@@ -415,8 +415,14 @@ func Verify2FALogin(c *gin.Context) {
 })
 return
 }
- userId := pendingUserId.(int)
-
+ userId, ok := pendingUserId.(int)
+ if !ok {
+ c.JSON(http.StatusOK, gin.H{
+ "success": false,
+ "message": "会话数据无效,请重新登录",
+ })
+ return
+ }
 // 获取用户信息
 user, err := model.GetUserById(userId, false)
 if err != nil {
diff --git a/go.mod b/go.mod
index 1def0b08..86576bc2 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
 github.com/aws/smithy-go v1.20.2 // indirect
- github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+ github.com/boombuler/barcode v1.1.0 // indirect
 github.com/bytedance/sonic v1.11.6 // indirect
 github.com/bytedance/sonic/loader v0.1.1 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
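Review bot: `Get2FAIssuer` now returns `SystemName` unconditionally, so an empty or unset system name yields an empty issuer where the removed branch substituted "NewAPI". Nothing in this hunk shows that `SystemName` is guaranteed non-empty; if it can be blank, 2FA enrolment would build an otpauth URI with no issuer, which some TOTP libraries reject and which leaves the authenticator entry unlabelled. Either keep a guard or state the invariant in the doc comment, e.g. `// Get2FAIssuer returns SystemName, which must be non-empty; it becomes the issuer label shown in authenticator apps.`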
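Review bot: The new `!ok` branch in `Verify2FALogin` rejects a session value that is not an `int`, but it leaves no server-side trace and, as far as the hunk shows, does not clear the pending login state from the session. A wrong-typed `pendingUserId` indicates a corrupted or tampered session, so it is worth logging the event and invalidating the pending state before returning. If the session store in use serialises values as JSON, the value would come back as `float64` and this branch would fire on every login, which should be checked against the configured store. Suggested comment above the branch: `// pendingUserId comes from the session; a non-int value means the session is corrupt or was tampered with, so fail closed.` The function body starts and continues outside the hunk.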
diff --git a/go.sum b/go.sum
index 4f5ae530..a1cc5ece 100644
--- a/go.sum
+++ b/go.sum
@@ -22,6 +22,8 @@ github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
 github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
+github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bytedance/gopkg v0.0.0-20220118071334-3db87571198b h1:LTGVFpNmNHhj0vhOlfgWueFJ32eK9blaIlHR2ciXOT0=
 github.com/bytedance/gopkg v0.0.0-20220118071334-3db87571198b/go.mod h1:2ZlV9BaUH4+NXIBF0aMdKKAnHTzqH+iMU4KUjAbL23Q=
 github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
diff --git a/model/twofa.go b/model/twofa.go
index 4a96ffb0..d7b08f93 100644
--- a/model/twofa.go
+++ b/model/twofa.go
@@ -9,6 +9,8 @@ import (
 "gorm.io/gorm"
 )
+var ErrTwoFANotEnabled = errors.New("用户未启用2FA")
+
 // TwoFA 用户2FA设置表
 type TwoFA struct {
 Id int `json:"id" gorm:"primaryKey"`
@@ -210,7 +212,7 @@ func DisableTwoFA(userId int) error {
 return err
 }
 if twoFA == nil {
- return errors.New("用户未启用2FA")
+ return ErrTwoFANotEnabled
 }
 // 删除2FA设置和备用码
diff --git a/web/src/components/auth/TwoFAVerification.js b/web/src/components/auth/TwoFAVerification.js
index 384273ed..69756384 100644
--- a/web/src/components/auth/TwoFAVerification.js
+++ b/web/src/components/auth/TwoFAVerification.js
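Review bot: The exported sentinel `ErrTwoFANotEnabled` is declared without a doc comment, and nothing in this patch shows a caller matching on it. Add `// ErrTwoFANotEnabled is returned by DisableTwoFA when the user has no 2FA record.` above the declaration; the second hunk in this file (`DisableTwoFA`) is where it is returned. Any caller that previously compared the message text should switch to `errors.Is(err, model.ErrTwoFANotEnabled)`, so the response no longer depends on the wording of a user-facing string. The other error returns of `DisableTwoFA` lie outside the hunk.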
@@ -16,9 +16,9 @@ along with this program. If not, see .
 For commercial licensing, please contact support@quantumnous.com
 */
+import { API, showError, showSuccess } from '../../helpers';
 import { Button, Card, Divider, Form, Input, Typography } from '@douyinfe/semi-ui';
 import React, { useState } from 'react';
-import { showError, showSuccess, API } from '../../helpers';
 const { Title, Text, Paragraph } = Typography;
@@ -32,6 +32,14 @@ const TwoFAVerification = ({ onSuccess, onBack, isModal = false }) => {
 showError('请输入验证码');
 return;
 }
+ // Validate code format
+ if (useBackupCode && verificationCode.length !== 8) {
+ showError('备用码必须是8位');
+ return;
+ } else if (!useBackupCode && !/^\d{6}$/.test(verificationCode)) {
+ showError('验证码必须是6位数字');
+ return;
+ }
 setLoading(true);
 try {
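Review bot: The added format check tests the raw `verificationCode`, so a code pasted with surrounding whitespace fails validation, and the backup-code branch checks only `length !== 8` with no character-set check. Trim once before validating, e.g. `const code = verificationCode.trim();`, and keep the hard-coded 8 in step with whatever the server generates (the generator is not visible in this patch). These checks are a usability aid only: the server-side handler must still validate and rate-limit submitted codes, because a client can bypass this function. The `else` after `return` is redundant and can be a plain `if`. The handler body continues outside the hunk.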