优化API接口请求方式判断

2025-04-30 17:27:34 +08:00 · 2025-04-30 17:27:34 +08:00 · 720b83f9dc
parent dc671f0f4d
commit 720b83f9dc
5 changed files with 46 additions and 3 deletions
--- a/application/api/controller/Ems.php
+++ b/application/api/controller/Ems.php
@ -30,6 +30,7 @@ class Ems extends Api
    public function send()
    {
        $email = $this->request->post("email");
+        $captcha = $this->request->post("captcha");
        $event = $this->request->post("event");
        $event = $event ? $event : 'register';

--- a/application/api/controller/Sms.php
+++ b/application/api/controller/Sms.php
@ -15,18 +15,39 @@ class Sms extends Api
    protected $noNeedLogin = '*';
    protected $noNeedRight = '*';

+    public function _initialize()
+    {
+        parent::_initialize();
+        if (!$this->request->isPost()) {
+            $this->error(__('请求错误'));
+        }
+    }
+
    /**
     * 发送验证码
     *
     * @ApiMethod (POST)
     * @ApiParams (name="mobile", type="string", required=true, description="手机号")
     * @ApiParams (name="event", type="string", required=true, description="事件名称")
+     * @ApiParams (name="type", type="string", required=false, description="验证类型，auto为自动验证，system为系统验证码")
+     * @ApiParams (name="source_id", type="string", required=false, description="来源ID")
     */
    public function send()
    {
        $mobile = $this->request->post("mobile");
+        $captcha = $this->request->post("captcha");
        $event = $this->request->post("event");
-        $event = $event ? $event : 'register';
+        $event = $event ?: 'register';
+        $type = $this->request->post("type", 'auto');
+        $source_id = $this->request->post("source_id", '');
+
+        //发送前验证码
+        if (config('fastadmin.user_api_captcha')) {
+            $valid = $type === 'auto' ? \think\Validate::is($captcha, 'captcha') : captcha_check($captcha, $source_id);
+            if (!$valid) {
+                $this->error("验证码不正确");
+            }
+        }

        if (!$mobile || !\think\Validate::regex($mobile, "^1\d{10}$")) {
            $this->error(__('手机号不正确'));
@ -75,7 +96,7 @@ class Sms extends Api
    {
        $mobile = $this->request->post("mobile");
        $event = $this->request->post("event");
-        $event = $event ? $event : 'register';
+        $event = $event ?: 'register';
        $captcha = $this->request->post("captcha");

        if (!$mobile || !\think\Validate::regex($mobile, "^1\d{10}$")) {
--- a/application/api/controller/Token.php
+++ b/application/api/controller/Token.php
@ -13,6 +13,14 @@ class Token extends Api
    protected $noNeedLogin = [];
    protected $noNeedRight = '*';

+    public function _initialize()
+    {
+        parent::_initialize();
+        if (!$this->request->isPost()) {
+            $this->error(__('请求错误'));
+        }
+    }
+
    /**
     * 检测Token是否过期
     *
--- a/application/api/controller/User.php
+++ b/application/api/controller/User.php
@ -25,6 +25,10 @@ class User extends Api
            $this->error(__('User center already closed'));
        }

+        if (!$this->request->isPost() && $this->request->action() !== 'index') {
+            $this->error(__('请求错误'));
+        }
+
    }

    /**
@ -68,7 +72,7 @@ class User extends Api
    public function mobilelogin()
    {
        $mobile = $this->request->post('mobile');
-        $captcha = $this->request->post('captcha');
+        $captcha = $this->request->post('smscode', $this->request->post('captcha'));
        if (!$mobile || !$captcha) {
            $this->error(__('Invalid parameters'));
        }
@ -87,6 +91,7 @@ class User extends Api
            $ret = $this->auth->direct($user->id);
        } else {
            $ret = $this->auth->register($mobile, Random::alnum(), '', $mobile, []);
+            $this->auth->getUser()->save(['verification' => ['email' => 0, 'mobile' => 1]]);
        }
        if ($ret) {
            Sms::flush($mobile, 'mobilelogin');
@ -109,6 +114,10 @@ class User extends Api
     */
    public function register()
    {
+        if (!config('fastadmin.user_register')) {
+            $this->error(__('User register already closed'));
+        }
+
        $username = $this->request->post('username');
        $password = $this->request->post('password');
        $email = $this->request->post('email');
@ -129,6 +138,7 @@ class User extends Api
        }
        $ret = $this->auth->register($username, $password, $email, $mobile, []);
        if ($ret) {
+            $this->auth->getUser()->save(['verification' => ['email' => 0, 'mobile' => 1]]);
            $data = ['userinfo' => $this->auth->getUserinfo()];
            $this->success(__('Sign up successful'), $data);
        } else {
--- a/application/api/controller/Validate.php
+++ b/application/api/controller/Validate.php
@ -17,6 +17,9 @@ class Validate extends Api
    public function _initialize()
    {
        parent::_initialize();
+        if (!$this->request->isPost()) {
+            $this->error(__('请求错误'));
+        }
    }

    /**