Upload router_users.py
router_users.py +12 -7
router_users.py
CHANGED
|
@@ -261,21 +261,25 @@ async def update_user_profile(account: str, update_data: UserUpdate):
|
|
| 261 |
db.save_data("users.json", users_db)
|
| 262 |
return {"status": "success", "data": {k: v for k, v in user.items() if k != "password"}}
|
| 263 |
|
| 264 |
-
@router.post("/api/users/
|
| 265 |
-
async def reset_password(
|
|
|
|
|
|
|
|
|
|
| 266 |
users_db = db.load_data("users.json", default_data={})
|
| 267 |
if account not in users_db: raise HTTPException(status_code=404, detail="用户不存在")
|
| 268 |
user = users_db[account]
|
| 269 |
|
| 270 |
-
|
|
|
|
| 271 |
raise HTTPException(status_code=400, detail="填写的邮箱与该账号绑定的邮箱不匹配")
|
| 272 |
-
if pwd_data.
|
| 273 |
raise HTTPException(status_code=400, detail="填写的手机号与该账号绑定的手机号不匹配")
|
| 274 |
|
| 275 |
-
cache_key = f"{pwd_data.
|
| 276 |
cached = VERIFY_CODES.get(cache_key)
|
| 277 |
|
| 278 |
-
#
|
| 279 |
expire_time = cached.get("expires_at", cached.get("expires", 0)) if cached else 0
|
| 280 |
if not cached or cached["code"] != pwd_data.code or time.time() > expire_time:
|
| 281 |
raise HTTPException(status_code=400, detail="验证码不正确或已过期")
|
|
@@ -286,7 +290,8 @@ async def reset_password(account: str, pwd_data: PasswordReset):
|
|
| 286 |
VERIFY_CODES.pop(cache_key, None)
|
| 287 |
user["password"] = pwd_data.new_password
|
| 288 |
db.save_data("users.json", users_db)
|
| 289 |
-
|
|
|
|
| 290 |
|
| 291 |
@router.post("/api/users/follow")
|
| 292 |
async def toggle_follow(follow: FollowToggle):
|
|
|
|
| 261 |
db.save_data("users.json", users_db)
|
| 262 |
return {"status": "success", "data": {k: v for k, v in user.items() if k != "password"}}
|
| 263 |
|
| 264 |
+
@router.post("/api/users/reset_password")
|
| 265 |
+
async def reset_password(pwd_data: PasswordReset):
|
| 266 |
+
# 1. 直接从请求体中提取账号,不需要通过 URL 传参
|
| 267 |
+
account = pwd_data.account
|
| 268 |
+
|
| 269 |
users_db = db.load_data("users.json", default_data={})
|
| 270 |
if account not in users_db: raise HTTPException(status_code=404, detail="用户不存在")
|
| 271 |
user = users_db[account]
|
| 272 |
|
| 273 |
+
# 🚀 核心排雷:严格匹配 models.py 中的驼峰命名 verifyType 和 verifyContact
|
| 274 |
+
if pwd_data.verifyType == "email" and user.get("email") != pwd_data.verifyContact:
|
| 275 |
raise HTTPException(status_code=400, detail="填写的邮箱与该账号绑定的邮箱不匹配")
|
| 276 |
+
if pwd_data.verifyType == "phone" and user.get("phone") != pwd_data.verifyContact:
|
| 277 |
raise HTTPException(status_code=400, detail="填写的手机号与该账号绑定的手机号不匹配")
|
| 278 |
|
| 279 |
+
cache_key = f"{pwd_data.verifyContact}_reset"
|
| 280 |
cached = VERIFY_CODES.get(cache_key)
|
| 281 |
|
| 282 |
+
# 安全获取过期时间防崩
|
| 283 |
expire_time = cached.get("expires_at", cached.get("expires", 0)) if cached else 0
|
| 284 |
if not cached or cached["code"] != pwd_data.code or time.time() > expire_time:
|
| 285 |
raise HTTPException(status_code=400, detail="验证码不正确或已过期")
|
|
|
|
| 290 |
VERIFY_CODES.pop(cache_key, None)
|
| 291 |
user["password"] = pwd_data.new_password
|
| 292 |
db.save_data("users.json", users_db)
|
| 293 |
+
|
| 294 |
+
return {"status": "success", "message": "密码修改成功"}
|
| 295 |
|
| 296 |
@router.post("/api/users/follow")
|
| 297 |
async def toggle_follow(follow: FollowToggle):
|
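Review bot: The two contact checks at new lines 274–277 only run when `verifyType` is exactly "email" or "phone"; any other value skips both, and `cache_key` at line 279 is then built from a `verifyContact` that was never compared with the account's bound email or phone. Unless `PasswordReset` in models.py (not shown on this page) already restricts that field, a verification code issued for a contact unrelated to the account would be accepted for it. Reject unknown types before the cache lookup, for example `if pwd_data.verifyType not in ("email", "phone"): raise HTTPException(status_code=400, detail="不支持的验证方式")`, or declare the field as `Literal["email", "phone"]` in the model. Separately, the unchanged line `user["password"] = pwd_data.new_password` writes the password to users.json as submitted; it should go through a password-hashing function before `db.save_data`, with the login comparison updated to match.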