Upload router_users.py

router_users.py

@@ -1,5 +1,5 @@
 # router_users.py
-from fastapi import APIRouter, HTTPException, BackgroundTasks
+from fastapi import APIRouter, HTTPException, BackgroundTasks, Request
 import time
 import re
 import random
@@ -261,38 +261,64 @@ async def update_user_profile(account: str, update_data: UserUpdate):
     db.save_data("users.json", users_db)
     return {"status": "success", "data": {k: v for k, v in user.items() if k != "password"}}
 
+
+# ==========================================
+# 🚀 万能重置密码接口：杜绝所有前端数据格式 422 报错
+# ==========================================
 @router.post("/api/users/reset_password")
-async def reset_password(pwd_data: PasswordReset):
-    # 1. 直接从请求体中提取账号，不需要通过 URL 传参
-    account = pwd_data.account
+async def reset_password(request: Request):
+    # 1. 万能解析器：兼容 JSON、双重字符串化、以及 FormData
+    try:
+        data = await request.json()
+        if isinstance(data, str):  # 核心：拦截前端可能造成的"双重字符串化"
+            data = json.loads(data)
+    except:
+        try:
+            form = await request.form()
+            data = dict(form)
+        except:
+            raise HTTPException(status_code=400, detail="请求数据解析失败，请检查网络")
+    
+    if not isinstance(data, dict):
+        raise HTTPException(status_code=400, detail=f"前端数据格式异常，收到的是: {type(data).__name__}")
+        
+    # 2. 万能提取器：同时兼容前端的命名习惯误差
+    account = data.get("account")
+    new_password = data.get("new_password") or data.get("password")
+    verify_contact = data.get("verifyContact") or data.get("verify_contact") or data.get("email") or data.get("phone")
+    verify_type = data.get("verifyType") or data.get("verify_type") or data.get("contact_type")
+    code = data.get("code")
     
+    if not all([account, new_password, verify_contact, verify_type, code]):
+        raise HTTPException(status_code=400, detail="缺失必要参数 (账号/密码/验证码/联系方式)，请检查表单")
+        
+    # 3. 核心业务逻辑
     users_db = db.load_data("users.json", default_data={})
-    if account not in users_db: raise HTTPException(status_code=404, detail="用户不存在")
+    if account not in users_db: raise HTTPException(status_code=404, detail="该用户不存在")
     user = users_db[account]
     
-    # 🚀 核心排雷：严格匹配 models.py 中的驼峰命名 verifyType 和 verifyContact
-    if pwd_data.verifyType == "email" and user.get("email") != pwd_data.verifyContact:
+    if verify_type == "email" and user.get("email") != verify_contact:
         raise HTTPException(status_code=400, detail="填写的邮箱与该账号绑定的邮箱不匹配")
-    if pwd_data.verifyType == "phone" and user.get("phone") != pwd_data.verifyContact:
+    if verify_type == "phone" and user.get("phone") != verify_contact:
         raise HTTPException(status_code=400, detail="填写的手机号与该账号绑定的手机号不匹配")
 
-    cache_key = f"{pwd_data.verifyContact}_reset"
+    cache_key = f"{verify_contact}_reset"
     cached = VERIFY_CODES.get(cache_key)
-    
-    # 安全获取过期时间防崩
     expire_time = cached.get("expires_at", cached.get("expires", 0)) if cached else 0
-    if not cached or cached["code"] != pwd_data.code or time.time() > expire_time:
+    
+    if not cached or cached["code"] != code or time.time() > expire_time:
         raise HTTPException(status_code=400, detail="验证码不正确或已过期")
 
-    if len(pwd_data.new_password) < 6: raise HTTPException(status_code=400, detail="新密码必须大于等于6个字符")
-    if not re.match(r'^[a-zA-Z0-9!@#$%^&*()_+\-=\[\]{};\':"\\|,.<>\/?]{6,}$', pwd_data.new_password): raise HTTPException(status_code=400, detail="新密码包含不支持的特殊字符")
+    if len(new_password) < 6: raise HTTPException(status_code=400, detail="新密码必须大于等于6个字符")
+    if not re.match(r'^[a-zA-Z0-9!@#$%^&*()_+\-=\[\]{};\':"\\|,.<>\/?]{6,}$', new_password): raise HTTPException(status_code=400, detail="新密码包含不支持的特殊字符")
     
     VERIFY_CODES.pop(cache_key, None)
-    user["password"] = pwd_data.new_password
+    user["password"] = new_password
     db.save_data("users.json", users_db)
     
     return {"status": "success", "message": "密码修改成功"}
 
+
 @router.post("/api/users/follow")
 async def toggle_follow(follow: FollowToggle):
     users_db = db.load_data("users.json", default_data={})