Upload 2 files

models.py

@@ -6,6 +6,7 @@ class SendCodeRequest(BaseModel):
     contact: str
     contact_type: str  # "email" 或 "phone"
     action_type: str   # "register" 或 "reset"
+    account: Optional[str] = None  # 【新增】：仅重置密码时需要传，用于校验身份
 
 class UserRegister(BaseModel):
     account: str   

router_users.py

@@ -57,6 +57,22 @@ def send_sms_code(phone: str, code: str, action: str):
 # 【核心优化】：引入 BackgroundTasks
 @router.post("/api/users/send-code")
 async def send_verify_code(req: SendCodeRequest, bg_tasks: BackgroundTasks):
+    # 【新增核心逻辑】：如果是找回密码，先去数据库里核对联系方式
+    if req.action_type == "reset":
+        if not req.account:
+            raise HTTPException(status_code=400, detail="找回密码需先填写当前账号")
+        
+        users_db = db.load_data("users.json", default_data={})
+        user = users_db.get(req.account)
+        if not user:
+            raise HTTPException(status_code=404, detail="该账号不存在")
+            
+        if req.contact_type == "email" and user.get("email") != req.contact:
+            raise HTTPException(status_code=400, detail="填写的邮箱与该账号绑定的邮箱不一致")
+        if req.contact_type == "phone" and user.get("phone") != req.contact:
+            raise HTTPException(status_code=400, detail="填写的手机号与该账号绑定的手机号不一致")
+
+    # 原有的生成验证码和发送逻辑保持不变
     code = str(random.randint(100000, 999999))
     cache_key = f"{req.contact}_{req.action_type}"