优化提现验证码
Browse files- router_wallet.py +6 -1
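--- a/router_wallet.py
+++ b/router_wallet.py
@@ -450,7 +450,12 @@ async def tip_user(request: Request, req: TipRequest, db: Session = Depends(get_
 @router.post("/api/wallet/withdraw")
 @limiter.limit("3/minute") # 🔒 P0安全优化:提现每分钟最多3次
 async def withdraw(request: Request, req: WithdrawRequest, db: Session = Depends(get_db)):
-
+# 🔒 验证码缓存键格式:{contact}_{action_type},与 send_code 接口一致
+# 先通过账号查询用户邮箱,再用邮箱构建缓存键
+users_db = json_db.load_data("users.json", default_data={})
+user_info = users_db.get(req.account, {})
+user_email = user_info.get("email", "")
+key = f"{user_email}_withdraw" if user_email else f"{req.account}_withdraw"
 code_data = VERIFY_CODES.get(key)
 # 🔒 P0安全修复:统一使用 expires_at 字段,兼容旧版 expires
 expire_time = code_data.get("expires_at", code_data.get("expires", 0)) if code_data else 0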
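Review bot: The fallback in `key = f"{user_email}_withdraw" if user_email else f"{req.account}_withdraw"` lets an unknown account, or one with no stored email, continue with a cache key built from the caller-supplied `req.account` instead of failing closed. On a withdrawal path that widens which `VERIFY_CODES` entries can satisfy the check; if `send_code` accepts an arbitrary contact string (not visible here), a code issued under a contact equal to the account name would match. I would drop the fallback and reject early, e.g. `if not user_email: raise HTTPException(status_code=400, detail="verification unavailable")`, assuming `HTTPException` is imported in this file, and ideally take the account from the authenticated session rather than the request body. The body of `withdraw` continues past the hunk, so the code comparison and any per-key attempt counter are not visible here.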