Merge remote-tracking branch 'upstream/main'

2025-12-31 21:56:17 +08:00
parent c1e25b7ecf 0b6371174e
commit 2ccdc2b8ef
9 changed files with 193 additions and 98 deletions
--- a/backend/internal/service/turnstile_service.go
+++ b/backend/internal/service/turnstile_service.go
@@ -11,6 +11,7 @@ import (
 var (
 	ErrTurnstileVerificationFailed = infraerrors.BadRequest("TURNSTILE_VERIFICATION_FAILED", "turnstile verification failed")
 	ErrTurnstileNotConfigured      = infraerrors.ServiceUnavailable("TURNSTILE_NOT_CONFIGURED", "turnstile not configured")
+	ErrTurnstileInvalidSecretKey   = infraerrors.BadRequest("TURNSTILE_INVALID_SECRET_KEY", "invalid turnstile secret key")
 )

 // TurnstileVerifier 验证 Turnstile token 的接口
@@ -83,3 +84,22 @@ func (s *TurnstileService) VerifyToken(ctx context.Context, token string, remote
 func (s *TurnstileService) IsEnabled(ctx context.Context) bool {
 	return s.settingService.IsTurnstileEnabled(ctx)
 }
+
+// ValidateSecretKey 验证 Turnstile Secret Key 是否有效
+func (s *TurnstileService) ValidateSecretKey(ctx context.Context, secretKey string) error {
+	// 发送一个测试token的验证请求来检查secret_key是否有效
+	result, err := s.verifier.VerifyToken(ctx, secretKey, "test-validation", "")
+	if err != nil {
+		return fmt.Errorf("validate secret key: %w", err)
+	}
+
+	// 检查是否有 invalid-input-secret 错误
+	for _, code := range result.ErrorCodes {
+		if code == "invalid-input-secret" {
+			return ErrTurnstileInvalidSecretKey
+		}
+	}
+
+	// 其他错误（如 invalid-input-response）说明 secret key 是有效的
+	return nil
+}