Spaces:

ZHIWEI666
/

ComfyUI-Ranking-API

Running

App Files Files Community

ZHIWEI666 commited on Mar 27

Commit

40a5561

verified ·

1 Parent(s): 3ff2ccf

Upload router_users.py

Browse files

Files changed (1) hide show

router_users.py +25 -15

router_users.py CHANGED Viewed

@@ -161,13 +161,28 @@ async def send_verify_code(req: SendCodeRequest, bg_tasks: BackgroundTasks):
     return {"status": "success", "message": "验证码发送请求已提交"}
 @router.post("/api/users/register")
 async def register_user(user: UserRegister):
     users_db = db.load_data("users.json", default_data={})
     cache_key = f"{user.email}_register" if user.email else f"{user.phone}_register"
     cached = VERIFY_CODES.get(cache_key)
-    if not cached or cached["code"] != user.code or int(time.time()) > cached["expires_at"]:
         raise HTTPException(status_code=400, detail="验证码不正确或已过期")
     if len(user.account) <= 5: raise HTTPException(status_code=400, detail="账号必须大于5个字符")
@@ -175,10 +190,6 @@ async def register_user(user: UserRegister):
     if len(user.password) < 6: raise HTTPException(status_code=400, detail="密码必须大于等于6个字符")
     if not re.match(r'^[a-zA-Z0-9!@#$%^&*()_+\-=\[\]{};\':"\\|,.<>\/?]{6,}$', user.password): raise HTTPException(status_code=400, detail="密码包含不支持的特殊字符")
     if user.intro and len(user.intro) > 100: raise HTTPException(status_code=400, detail="个人介绍不能超过100个字符")
-    if user.account in users_db: raise HTTPException(status_code=400, detail="该账号已被注册")
-    for existing_user in users_db.values():
-        if user.email and existing_user.get("email") == user.email: raise HTTPException(status_code=400, detail="该邮箱已被绑定")
-        if user.phone and existing_user.get("phone") == user.phone: raise HTTPException(status_code=400, detail="该手机号已被绑定")
     VERIFY_CODES.pop(cache_key, None)
@@ -189,6 +200,7 @@ async def register_user(user: UserRegister):
     db.save_data("users.json", users_db)
     return {"status": "success", "message": "注册成功", "data": {k: v for k, v in new_user.items() if k != "password"}}
 @router.post("/api/users/login")
 async def login_user(user: UserLogin):
     users_db = db.load_data("users.json", default_data={})
@@ -197,40 +209,35 @@ async def login_user(user: UserLogin):
     if user_data.get("password") != user.password: raise HTTPException(status_code=401, detail="密码错误")
     return {"status": "success", "token": f"mock_token_{user.account}", "account": user.account, "name": user_data["name"], "avatar": user_data.get("avatarDataUrl", "https://via.placeholder.com/150")}
 # ==========================================
 # 补充：发送验证码的 API 接口
 # ==========================================
 @router.post("/api/users/send_code")
 async def send_code_api(req: SendCodeRequest):
-    # 1. 生成 6 位随机数字验证码
     code = str(random.randint(100000, 999999))
-    # 2. 生成缓存 Key (格式: 邮箱地址_动作)
-    # 例如: test@qq.com_register 或 test@qq.com_reset
     key = f"{req.contact}_{req.action_type}"
-    # 3. 存入全局内存字典 (设置有效期为 10 分钟 = 600 秒)
     VERIFY_CODES[key] = {
         "code": code,
-        "expires": time.time() + 600
     }
-    # 4. 触发发送逻辑
     if req.contact_type == "email":
         try:
-            # 调用你文件里已经写好的通过 Make.com Webhook 发邮件的函数
             send_email_code(req.contact, code, req.action_type)
             return {"status": "success", "message": "验证码已成功发送至邮箱"}
         except Exception as e:
             raise HTTPException(status_code=500, detail=f"邮件发送失败: {str(e)}")
     elif req.contact_type == "phone":
-        # 预留的短信通道
         return {"status": "success", "message": "验证码已成功发送至手机"}
     else:
         raise HTTPException(status_code=400, detail="不支持的验证方式")
 @router.get("/api/users/{account}")
 async def get_user_profile(account: str):
     users_db = db.load_data("users.json", default_data={})
@@ -267,7 +274,10 @@ async def reset_password(account: str, pwd_data: PasswordReset):
     cache_key = f"{pwd_data.verify_contact}_reset"
     cached = VERIFY_CODES.get(cache_key)
-    if not cached or cached["code"] != pwd_data.code or int(time.time()) > cached["expires_at"]:
         raise HTTPException(status_code=400, detail="验证码不正确或已过期")
     if len(pwd_data.new_password) < 6: raise HTTPException(status_code=400, detail="新密码必须大于等于6个字符")

     return {"status": "success", "message": "验证码发送请求已提交"}
 @router.post("/api/users/register")
 async def register_user(user: UserRegister):
     users_db = db.load_data("users.json", default_data={})
+    # 🚀 核心修复 1：将查重逻辑移到最前面！一旦重复直接拦截，绝不会发生 500 崩溃
+    if user.account in users_db:
+        raise HTTPException(status_code=400, detail="该账号已被注册，请更换一个")
+    for existing_user in users_db.values():
+        if user.email and existing_user.get("email") == user.email:
+            raise HTTPException(status_code=400, detail="此邮箱已注册，请直接登录或找回密码")
+        if user.phone and existing_user.get("phone") == user.phone:
+            raise HTTPException(status_code=400, detail="该手机号已被绑定")
+    # 获取验证码缓存记录
     cache_key = f"{user.email}_register" if user.email else f"{user.phone}_register"
     cached = VERIFY_CODES.get(cache_key)
+    # 🚀 核心修复 2：安全地获取过期时间，兼容新老写法，彻底消灭 KeyError 导致的 500
+    expire_time = cached.get("expires_at", cached.get("expires", 0)) if cached else 0
+    if not cached or cached["code"] != user.code or time.time() > expire_time:
         raise HTTPException(status_code=400, detail="验证码不正确或已过期")
     if len(user.account) <= 5: raise HTTPException(status_code=400, detail="账号必须大于5个字符")
     if len(user.password) < 6: raise HTTPException(status_code=400, detail="密码必须大于等于6个字符")
     if not re.match(r'^[a-zA-Z0-9!@#$%^&*()_+\-=\[\]{};\':"\\|,.<>\/?]{6,}$', user.password): raise HTTPException(status_code=400, detail="密码包含不支持的特殊字符")
     if user.intro and len(user.intro) > 100: raise HTTPException(status_code=400, detail="个人介绍不能超过100个字符")
     VERIFY_CODES.pop(cache_key, None)
     db.save_data("users.json", users_db)
     return {"status": "success", "message": "注册成功", "data": {k: v for k, v in new_user.items() if k != "password"}}
 @router.post("/api/users/login")
 async def login_user(user: UserLogin):
     users_db = db.load_data("users.json", default_data={})
     if user_data.get("password") != user.password: raise HTTPException(status_code=401, detail="密码错误")
     return {"status": "success", "token": f"mock_token_{user.account}", "account": user.account, "name": user_data["name"], "avatar": user_data.get("avatarDataUrl", "https://via.placeholder.com/150")}
 # ==========================================
 # 补充：发送验证码的 API 接口
 # ==========================================
 @router.post("/api/users/send_code")
 async def send_code_api(req: SendCodeRequest):
     code = str(random.randint(100000, 999999))
     key = f"{req.contact}_{req.action_type}"
+    # 🚀 核心修复 3：统一改成 expires_at，与全局校验逻辑完美对齐
     VERIFY_CODES[key] = {
         "code": code,
+        "expires_at": time.time() + 600
     }
     if req.contact_type == "email":
         try:
             send_email_code(req.contact, code, req.action_type)
             return {"status": "success", "message": "验证码已成功发送至邮箱"}
         except Exception as e:
             raise HTTPException(status_code=500, detail=f"邮件发送失败: {str(e)}")
     elif req.contact_type == "phone":
         return {"status": "success", "message": "验证码已成功发送至手机"}
     else:
         raise HTTPException(status_code=400, detail="不支持的验证方式")
 @router.get("/api/users/{account}")
 async def get_user_profile(account: str):
     users_db = db.load_data("users.json", default_data={})
     cache_key = f"{pwd_data.verify_contact}_reset"
     cached = VERIFY_CODES.get(cache_key)
+    # 这里同样加上安全获取策略防崩
+    expire_time = cached.get("expires_at", cached.get("expires", 0)) if cached else 0
+    if not cached or cached["code"] != pwd_data.code or time.time() > expire_time:
         raise HTTPException(status_code=400, detail="验证码不正确或已过期")
     if len(pwd_data.new_password) < 6: raise HTTPException(status_code=400, detail="新密码必须大于等于6个字符")