up add sms

app/main/api/desc/front/user.api

@@ -157,8 +157,26 @@ service main {
 
 type (
 	sendSmsReq {
-		Mobile     string `json:"mobile" validate:"required,mobile"`
-		ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+		Mobile             string `json:"mobile" validate:"required,mobile"`
+		ActionType         string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+		CaptchaVerifyParam string `json:"captchaVerifyParam,optional"` // 阿里云滑块验证码参数
+	}
+)
+
+//============================> captcha v1 <============================
+@server (
+	prefix: api/v1
+	group:  captcha
+)
+service main {
+	@doc "get encrypted scene id for aliyun captcha"
+	@handler getEncryptedSceneId
+	post /captcha/encryptedSceneId returns (GetEncryptedSceneIdResp)
+}
+
+type (
+	GetEncryptedSceneIdResp {
+		EncryptedSceneId string `json:"encryptedSceneId"`
 	}
 )
 

app/main/api/etc/main.dev.yaml

@@ -18,6 +18,18 @@ VerifyCode:
     SignName: "天远查"
     TemplateCode: "SMS_302641455"
     ValidTime: 300
+
+Captcha:
+    # 建议与短信相同的 AccessKey，或单独为验证码创建子账号
+    AccessKeyID: "LTAI5tKGB3TVJbMHSoZN3yr9"
+    AccessKeySecret: "OCQ30GWp4yENMjmfOAaagksE18bp65"
+    # 验证码服务 Endpoint，国内一般为 captcha.cn-shanghai.aliyuncs.com
+    EndpointURL: "captcha.cn-shanghai.aliyuncs.com"
+    # 阿里云控制台中该场景的 SceneId，请替换为真实值
+    SceneID: "wynt39to"
+    # 验证码控制台中的 ekey（通常为 Base64 字符串），用于生成 EncryptedSceneId
+    EKey: ""
+    
 Encrypt:
     SecretKey: "ff83609b2b24fc73196aac3d3dfb874f"
 WestConfig:

app/main/api/etc/main.yaml

@@ -19,6 +19,18 @@ VerifyCode:
     SignName: "海南海宇大数据"
     TemplateCode: "SMS_302641455"
     ValidTime: 300
+
+Captcha:
+    # 建议与短信相同的 AccessKey，或单独为验证码创建子账号
+    AccessKeyID: "LTAI5tKGB3TVJbMHSoZN3yr9"
+    AccessKeySecret: "OCQ30GWp4yENMjmfOAaagksE18bp65"
+    # 验证码服务 Endpoint，国内一般为 captcha.cn-shanghai.aliyuncs.com
+    EndpointURL: "captcha.cn-shanghai.aliyuncs.com"
+    # 阿里云控制台中该场景的 SceneId，请替换为真实值
+    SceneID: "wynt39to"
+    # 验证码控制台中的 ekey（通常为 Base64 字符串），用于生成 EncryptedSceneId
+    EKey: ""
+    
 Encrypt:
     SecretKey: "ff83609b2b24fc73196aac3d3dfb874f"
 Alipay:

app/main/api/internal/config/config.go

@@ -24,6 +24,7 @@ type Config struct {
 	AdminConfig   AdminConfig
 	TaxConfig     TaxConfig
 	Promotion     PromotionConfig // 推广链接配置
+	Captcha       CaptchaConfig   // 阿里云滑块验证码配置
 }
 
 // JwtAuth 用于 JWT 鉴权配置
@@ -116,3 +117,12 @@ type PromotionConfig struct {
 	PromotionDomain string // 推广域名（用于生成短链）
 	OfficialDomain  string // 正式站点域名（短链重定向的目标域名）
 }
+
+// CaptchaConfig 阿里云滑块验证码配置
+type CaptchaConfig struct {
+	AccessKeyID     string
+	AccessKeySecret string
+	EndpointURL     string
+	SceneID         string
+	EKey            string // 加密模式用的 ekey（Base64）
+}

app/main/api/internal/handler/captcha/getencryptedsceneidhandler.go

@@ -0,0 +1,26 @@
+package captcha
+
+import (
+	"net/http"
+
+	"ycc-server/app/main/api/internal/logic/captcha"
+	"ycc-server/app/main/api/internal/svc"
+	"ycc-server/app/main/api/internal/types"
+	"ycc-server/common/result"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+)
+
+func GetEncryptedSceneIdHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.GetEncryptedSceneIdResp
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+
+		l := captcha.NewGetEncryptedSceneIdLogic(r.Context(), svcCtx)
+		resp, err := l.GetEncryptedSceneId()
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/routes.go

@@ -23,6 +23,7 @@ import (
 	app "ycc-server/app/main/api/internal/handler/app"
 	auth "ycc-server/app/main/api/internal/handler/auth"
 	authorization "ycc-server/app/main/api/internal/handler/authorization"
+	captcha "ycc-server/app/main/api/internal/handler/captcha"
 	notification "ycc-server/app/main/api/internal/handler/notification"
 	pay "ycc-server/app/main/api/internal/handler/pay"
 	product "ycc-server/app/main/api/internal/handler/product"
@@ -901,6 +902,18 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 		rest.WithPrefix("/api/v1"),
 	)
 
+	server.AddRoutes(
+		[]rest.Route{
+			{
+				// get encrypted scene id for aliyun captcha
+				Method:  http.MethodPost,
+				Path:    "/captcha/encryptedSceneId",
+				Handler: captcha.GetEncryptedSceneIdHandler(serverCtx),
+			},
+		},
+		rest.WithPrefix("/api/v1"),
+	)
+
 	server.AddRoutes(
 		[]rest.Route{
 			{

app/main/api/internal/logic/auth/sendsmslogic.go

@@ -2,11 +2,12 @@ package auth
 
 import (
 	"context"
-	"ycc-server/common/xerr"
-	"ycc-server/pkg/lzkit/crypto"
 	"fmt"
 	"math/rand"
 	"time"
+	"ycc-server/common/xerr"
+	"ycc-server/pkg/captcha"
+	"ycc-server/pkg/lzkit/crypto"
 
 	"github.com/pkg/errors"
 
@@ -35,6 +36,20 @@ func NewSendSmsLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SendSmsLo
 }
 
 func (l *SendSmsLogic) SendSms(req *types.SendSmsReq) error {
+	// 1. 阿里云滑块验证码校验（防盗刷）
+	cfg := l.svcCtx.Config.Captcha
+	if cfg.SceneID != "" {
+		if err := captcha.Verify(captcha.Config{
+			AccessKeyID:     cfg.AccessKeyID,
+			AccessKeySecret: cfg.AccessKeySecret,
+			EndpointURL:     cfg.EndpointURL,
+			SceneID:         cfg.SceneID,
+		}, req.CaptchaVerifyParam); err != nil {
+			return err
+		}
+	}
+
+	// 2. 加密手机号
 	secretKey := l.svcCtx.Config.Encrypt.SecretKey
 	encryptedMobile, err := crypto.EncryptMobile(req.Mobile, secretKey)
 	if err != nil {

app/main/api/internal/logic/captcha/getencryptedsceneidlogic.go

@@ -0,0 +1,48 @@
+package captcha
+
+import (
+	"context"
+
+	"ycc-server/app/main/api/internal/svc"
+	"ycc-server/app/main/api/internal/types"
+	"ycc-server/pkg/captcha"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type GetEncryptedSceneIdLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewGetEncryptedSceneIdLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetEncryptedSceneIdLogic {
+	return &GetEncryptedSceneIdLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *GetEncryptedSceneIdLogic) GetEncryptedSceneId() (*types.GetEncryptedSceneIdResp, error) {
+	cfg := l.svcCtx.Config.Captcha
+
+	// 如果没有配置 ekey，返回空（使用非加密模式）
+	if cfg.EKey == "" {
+		l.Logger.Info("[Captcha] 未配置 EKey，使用非加密模式")
+		return &types.GetEncryptedSceneIdResp{
+			EncryptedSceneId: "",
+		}, nil
+	}
+
+	// 生成加密场景ID，有效期1小时
+	encrypted, err := captcha.GenerateEncryptedSceneID(cfg.SceneID, cfg.EKey, 3600)
+	if err != nil {
+		l.Logger.Errorf("[Captcha] 生成加密场景ID失败: %+v", err)
+		return nil, err
+	}
+
+	return &types.GetEncryptedSceneIdResp{
+		EncryptedSceneId: encrypted,
+	}, nil
+}

app/main/api/internal/types/types.go

@@ -1505,6 +1505,10 @@ type GetCommissionListResp struct {
 	List  []CommissionItem `json:"list"`  // 列表
 }
 
+type GetEncryptedSceneIdResp struct {
+	EncryptedSceneId string `json:"encryptedSceneId"`
+}
+
 type GetInviteCodeListReq struct {
 	Page     int64 `form:"page"`            // 页码
 	PageSize int64 `form:"page_size"`       // 每页数量
@@ -2466,6 +2470,7 @@ type GetAppVersionResp struct {
 }
 
 type SendSmsReq struct {
-	Mobile     string `json:"mobile" validate:"required,mobile"`
-	ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+	Mobile             string `json:"mobile" validate:"required,mobile"`
+	ActionType         string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+	CaptchaVerifyParam string `json:"captchaVerifyParam,optional"` // 阿里云滑块验证码参数
 }