修复绕过注册邮箱限制

xmdhs · Nov 25, 2023 · 8071de4 · 8071de4
1 parent afdfa4c
commit 8071de4
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 11 deletions.
diff --git a/frontend/src/Route.tsx b/frontend/src/Route.tsx
@@ -27,7 +27,7 @@ function Root() {
                     <Route path="/login" element={<Login />} />
                     <Route path="/register" element={<Register />} />
                     <Route path="/register_email" element={<SendEmail title="注册" sendService={sendRegEmail} />} />
-                    <Route path="/forgot_email" element={<SendEmail title="找回密码" anyEmail sendService={sendForgotEmail} />} />
+                    <Route path="/forgot_email" element={<SendEmail title="重设密码" anyEmail sendService={sendForgotEmail} />} />
                     <Route path="/forgot" element={<Forgot />} />
 
                     <Route element={<NeedLogin><Outlet /></NeedLogin>}>

diff --git a/frontend/src/views/Forgot.tsx b/frontend/src/views/Forgot.tsx
@@ -18,7 +18,7 @@ import { useNavigate } from 'react-router-dom';
 
 export default function Forgot() {
     const [err, setErr] = useState("")
-    useTitle("找回密码")
+    useTitle("重设密码")
     const [passerr, setPasserr] = useState("")
     const [pass, setPass] = useState({
         pass1: "",

diff --git a/service/email/email.go b/service/email/email.go
@@ -113,7 +113,7 @@ func (e EmailService) SendVerifyUrl(ctx context.Context, email string, interval
 		return fmt.Errorf("SendVerifyUrl: %w", err)
 	}
 
-	code, err := newJwtToken(e.pri, email)
+	code, err := newJwtToken(e.pri, email, issuer+path)
 	if err != nil {
 		return fmt.Errorf("SendVerifyUrl: %w", err)
 	}
@@ -159,7 +159,7 @@ var (
 	ErrTokenInvalid = errors.New("token 无效")
 )
 
-func (e EmailService) VerifyJwt(email, jwtStr string) error {
+func (e EmailService) VerifyJwt(email, jwtStr, path string) error {
 	token, err := jwt.ParseWithClaims(jwtStr, &jwt.RegisteredClaims{}, func(t *jwt.Token) (interface{}, error) {
 		return &e.pri.PublicKey, nil
 	})
@@ -168,20 +168,20 @@ func (e EmailService) VerifyJwt(email, jwtStr string) error {
 	}
 	sub, _ := token.Claims.GetSubject()
 	iss, _ := token.Claims.GetIssuer()
-	if !token.Valid || sub != email || iss != issuer {
+	if !token.Valid || sub != email || iss+path != issuer {
 		return fmt.Errorf("VerifyJwt: %w", ErrTokenInvalid)
 	}
 	return nil
 }
 
-const issuer = "authlib-skin email verification"
+const issuer = "email"
 
-func newJwtToken(jwtKey *rsa.PrivateKey, email string) (string, error) {
+func newJwtToken(jwtKey *rsa.PrivateKey, email, iss string) (string, error) {
 	token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.RegisteredClaims{
 		ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * 24 * time.Hour)),
 		IssuedAt:  jwt.NewNumericDate(time.Now()),
 		Subject:   email,
-		Issuer:    issuer,
+		Issuer:    iss,
 	})
 	jwts, err := token.SignedString(jwtKey)
 	if err != nil {

diff --git a/service/user.go b/service/user.go
@@ -60,7 +60,7 @@ func (w *UserService) Reg(ctx context.Context, u model.UserReg, ipPrefix, ip str
 	}
 
 	if w.config.Email.Enable {
-		err := w.emailService.VerifyJwt(u.Email, u.EmailJwt)
+		err := w.emailService.VerifyJwt(u.Email, u.EmailJwt, "/register")
 		if err != nil {
 			return model.LoginRep{}, fmt.Errorf("Reg: %w", err)
 		}
@@ -263,15 +263,15 @@ func (w *UserService) SendChangePasswordEmail(ctx context.Context, email, Captch
 	if c == 0 {
 		return fmt.Errorf("SendChangePasswordEmail: %w", ErrUsername)
 	}
-	err = w.emailService.SendVerifyUrl(ctx, email, 60, host, "找回密码邮箱验证", "点击下方链接更改你的密码，1 天内有效", "/forgot")
+	err = w.emailService.SendVerifyUrl(ctx, email, 60, host, "重设密码", "点击下方链接更改你的密码，1 天内有效", "/forgot")
 	if err != nil {
 		return fmt.Errorf("SendChangePasswordEmail: %w", err)
 	}
 	return nil
 }
 
 func (w *UserService) ForgotPassword(ctx context.Context, email, passWord, emailJwt string) error {
-	err := w.emailService.VerifyJwt(email, emailJwt)
+	err := w.emailService.VerifyJwt(email, emailJwt, "/forgot")
 	if err != nil {
 		return fmt.Errorf("ForgotPassword: %w", err)
 	}