feat(auth): 密码重置邮件队列化与限流优化

- 邮件发送改为异步队列处理，避免并发导致发送失败 - 新增 Email 维度限流（30秒冷却期），防止邮件轰炸 - Token 验证使用常量时间比较，防止时序攻击 - 重构代码消除冗余，提取公共验证逻辑
2026-01-24 22:33:45 +08:00
parent 43a1031e38
commit 9cc8352593
25 changed files with 1497 additions and 114 deletions
--- a/backend/internal/server/api_contract_test.go
+++ b/backend/internal/server/api_contract_test.go
@@ -452,6 +452,7 @@ func TestAPIContracts(t *testing.T) {
 					"registration_enabled": true,
 					"email_verify_enabled": false,
 					"promo_code_enabled": true,
+					"password_reset_enabled": false,
 					"smtp_host": "smtp.example.com",
 					"smtp_port": 587,
 					"smtp_username": "user",