Upload router_users.py

router_users.py

@@ -1,5 +1,5 @@
 # router_users.py
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, HTTPException, BackgroundTasks
 import time
 import re
 import random
@@ -13,20 +13,19 @@ from models import UserRegister, UserLogin, UserUpdate, PasswordReset, FollowTog
 router = APIRouter()
 
 # ==========================================
-# 【核心新增】：验证码内存缓存与发送引擎
+# 验证码内存缓存与发送引擎
 # ==========================================
-# 结构: {"contact_action": {"code": "123456", "expires_at": 1690000000}}
 VERIFY_CODES = {} 
 
 def send_email_code(to_email: str, code: str, action: str):
-    """底层邮件发送引擎 (需在 HF Spaces 设置环境变量)"""
+    """底层邮件发送引擎"""
     sender = os.environ.get("SMTP_USER")
     pwd = os.environ.get("SMTP_PASS")
-    server = os.environ.get("SMTP_SERVER", "smtp.qq.com") # 默认使用 QQ 邮箱 SMTP
+    server = os.environ.get("SMTP_SERVER", "smtp.qq.com")
     port = int(os.environ.get("SMTP_PORT", 465))
 
     if not sender or not pwd:
-        print("警告: 未配置 SMTP_USER 或 SMTP_PASS 环境变量，跳过真实邮件发送")
+        print("警告: 未配置 SMTP_USER 或 SMTP_PASS，跳过邮件发送")
         return
 
     action_str = "注册账号" if action == "register" else "修改/找回密码"
@@ -36,28 +35,28 @@ def send_email_code(to_email: str, code: str, action: str):
     msg['To'] = to_email
 
     try:
+        # 【核心优化】：加入 timeout=10 防卡死机制
         if port == 465:
-            with smtplib.SMTP_SSL(server, port) as smtp:
+            with smtplib.SMTP_SSL(server, port, timeout=10) as smtp:
                 smtp.login(sender, pwd)
                 smtp.send_message(msg)
         else:
-            with smtplib.SMTP(server, port) as smtp:
+            with smtplib.SMTP(server, port, timeout=10) as smtp:
                 smtp.starttls()
                 smtp.login(sender, pwd)
                 smtp.send_message(msg)
+        print(f"✅ 成功发送验证码 {code} 至 {to_email}")
     except Exception as e:
-        print(f"邮件发送失败: {e}")
-        raise HTTPException(status_code=500, detail="邮件下发失败，请检查云端 SMTP 配置")
+        print(f"❌ 邮件发送失败: {e}")
 
 def send_sms_code(phone: str, code: str, action: str):
     """短信发送接口挂载点"""
-    # TODO: 这里接入阿里云/腾讯云短信 SDK
-    print(f"[模拟短信发送] 手机号: {phone}, 验证码: {code}, 动作: {action}")
+    print(f"[模拟短信] 手机号: {phone}, 验证码: {code}")
     pass
 
+# 【核心优化】：引入 BackgroundTasks
 @router.post("/api/users/send-code")
-async def send_verify_code(req: SendCodeRequest):
-    # 生成 6 位纯数字验证码
+async def send_verify_code(req: SendCodeRequest, bg_tasks: BackgroundTasks):
     code = str(random.randint(100000, 999999))
     cache_key = f"{req.contact}_{req.action_type}"
     
@@ -67,25 +66,26 @@ async def send_verify_code(req: SendCodeRequest):
         "expires_at": int(time.time()) + 600
     }
     
+    # 放入后台队列执行，立刻给前端返回成功响应
     if req.contact_type == "email":
-        send_email_code(req.contact, code, req.action_type)
+        bg_tasks.add_task(send_email_code, req.contact, code, req.action_type)
     elif req.contact_type == "phone":
-        send_sms_code(req.contact, code, req.action_type)
+        bg_tasks.add_task(send_sms_code, req.contact, code, req.action_type)
     else:
         raise HTTPException(status_code=400, detail="不支持的验证方式")
         
-    return {"status": "success", "message": "验证码已发送"}
+    return {"status": "success", "message": "验证码发送请求已提交"}
 
 
 # ==========================================
-# 原有业务接口修改 (增加验证码鉴权)
+# 原有业务接口
 # ==========================================
 
 @router.post("/api/users/register")
 async def register_user(user: UserRegister):
     users_db = db.load_data("users.json", default_data={})
     
-    # 【新增】：校验注册验证码
+    # 校验注册验证码
     cache_key = f"{user.email}_register"
     cached = VERIFY_CODES.get(cache_key)
     if not cached or cached["code"] != user.code or int(time.time()) > cached["expires_at"]:
@@ -101,11 +101,10 @@ async def register_user(user: UserRegister):
         if existing_user.get("email") == user.email: raise HTTPException(status_code=400, detail="该邮箱已被绑定")
         if existing_user.get("phone") == user.phone: raise HTTPException(status_code=400, detail="该手机号已被绑定")
     
-    # 验证通过，销毁验证码
-    VERIFY_CODES.pop(cache_key, None)
+    VERIFY_CODES.pop(cache_key, None) # 验证通过，销毁验证码
     
     new_user = user.dict()
-    new_user.pop("code", None) # 不将验证码存入数据库
+    new_user.pop("code", None)
     new_user.update({"created_at": int(time.time()), "followers": [], "following": [], "privacy": {"follows": False, "likes": False, "favorites": False, "downloads": False}})
     users_db[user.account] = new_user
     db.save_data("users.json", users_db)
@@ -146,16 +145,13 @@ async def update_user_profile(account: str, update_data: UserUpdate):
 async def reset_password(account: str, pwd_data: PasswordReset):
     users_db = db.load_data("users.json", default_data={})
     if account not in users_db: raise HTTPException(status_code=404, detail="用户不存在")
-    
     user = users_db[account]
     
-    # 【新增】：校验账号与提供的联系方式是否匹配，防止通过自己的邮箱改别人的密码
     if pwd_data.verify_type == "email" and user.get("email") != pwd_data.verify_contact:
         raise HTTPException(status_code=400, detail="填写的邮箱与该账号绑定的邮箱不匹配")
     if pwd_data.verify_type == "phone" and user.get("phone") != pwd_data.verify_contact:
         raise HTTPException(status_code=400, detail="填写的手机号与该账号绑定的手机号不匹配")
 
-    # 【新增】：校验重置验证码
     cache_key = f"{pwd_data.verify_contact}_reset"
     cached = VERIFY_CODES.get(cache_key)
     if not cached or cached["code"] != pwd_data.code or int(time.time()) > cached["expires_at"]:
@@ -164,9 +160,7 @@ async def reset_password(account: str, pwd_data: PasswordReset):
     if len(pwd_data.new_password) < 6: raise HTTPException(status_code=400, detail="新密码必须大于等于6个字符")
     if not re.match(r'^[a-zA-Z0-9!@#$%^&*()_+\-=\[\]{};\':"\\|,.<>\/?]{6,}$', pwd_data.new_password): raise HTTPException(status_code=400, detail="新密码包含不支持的特殊字符")
     
-    # 验证通过，销毁验证码
     VERIFY_CODES.pop(cache_key, None)
-    
     user["password"] = pwd_data.new_password
     db.save_data("users.json", users_db)
     return {"status": "success"}