fix(settings): 保存 Turnstile 设置时验证参数有效性

2025-12-31 21:05:33 +08:00
parent 2c35f0276f
commit 0b6371174e
4 changed files with 59 additions and 7 deletions
--- a/backend/internal/handler/admin/setting_handler.go
+++ b/backend/internal/handler/admin/setting_handler.go
@@ -10,15 +10,17 @@ import (

 // SettingHandler 系统设置处理器
 type SettingHandler struct {
-	settingService *service.SettingService
-	emailService   *service.EmailService
+	settingService   *service.SettingService
+	emailService     *service.EmailService
+	turnstileService *service.TurnstileService
 }

 // NewSettingHandler 创建系统设置处理器
-func NewSettingHandler(settingService *service.SettingService, emailService *service.EmailService) *SettingHandler {
+func NewSettingHandler(settingService *service.SettingService, emailService *service.EmailService, turnstileService *service.TurnstileService) *SettingHandler {
 	return &SettingHandler{
-		settingService: settingService,
-		emailService:   emailService,
+		settingService:   settingService,
+		emailService:     emailService,
+		turnstileService: turnstileService,
 	}
 }

@@ -108,6 +110,36 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
 		req.SmtpPort = 587
 	}

+	// Turnstile 参数验证
+	if req.TurnstileEnabled {
+		// 检查必填字段
+		if req.TurnstileSiteKey == "" {
+			response.BadRequest(c, "Turnstile Site Key is required when enabled")
+			return
+		}
+		if req.TurnstileSecretKey == "" {
+			response.BadRequest(c, "Turnstile Secret Key is required when enabled")
+			return
+		}
+
+		// 获取当前设置，检查参数是否有变化
+		currentSettings, err := h.settingService.GetAllSettings(c.Request.Context())
+		if err != nil {
+			response.ErrorFrom(c, err)
+			return
+		}
+
+		// 当 site_key 或 secret_key 任一变化时验证（避免配置错误导致无法登录）
+		siteKeyChanged := currentSettings.TurnstileSiteKey != req.TurnstileSiteKey
+		secretKeyChanged := currentSettings.TurnstileSecretKey != req.TurnstileSecretKey
+		if siteKeyChanged || secretKeyChanged {
+			if err := h.turnstileService.ValidateSecretKey(c.Request.Context(), req.TurnstileSecretKey); err != nil {
+				response.ErrorFrom(c, err)
+				return
+			}
+		}
+	}
+
 	settings := &service.SystemSettings{
 		RegistrationEnabled: req.RegistrationEnabled,
 		EmailVerifyEnabled:  req.EmailVerifyEnabled,