add limit

2026-02-26 13:15:15 +08:00
parent bfbdf983b0
commit ad38f168e8
12 changed files with 175 additions and 19 deletions
--- a/app/main/api/desc/front/user.api
+++ b/app/main/api/desc/front/user.api
@@ -156,8 +156,9 @@ service main {

 type (
 	sendSmsReq {
-		Mobile     string `json:"mobile" validate:"required,mobile"`
-		ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+		Mobile             string `json:"mobile" validate:"required,mobile"`
+		ActionType         string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+		CaptchaVerifyParam string `json:"captchaVerifyParam"` // 阿里云滑块验证码参数
 	}
 )

--- a/app/main/api/etc/main.dev.yaml
+++ b/app/main/api/etc/main.dev.yaml
@@ -90,3 +90,8 @@ Authorization:
 Promotion:
    PromotionDomain: "http://localhost:8888" # 推广域名（用于生成短链）
    OfficialDomain: "http://localhost:5678" # 正式站点域名（短链重定向的目标域名）
+Captcha:
+    AccessKeyID: "LTAI5tKGB3TVJbMHSoZN3yr9"
+    AccessKeySecret: "OCQ30GWp4yENMjmfOAaagksE18bp65"
+    EndpointURL: "captcha.cn-shanghai.aliyuncs.com"
+    SceneID: "wynt39to"
--- a/app/main/api/etc/main.yaml
+++ b/app/main/api/etc/main.yaml
@@ -77,3 +77,8 @@ Authorization:
 Promotion:
    PromotionDomain: "https://p.zhenaicha.com" # 推广域名（用于生成短链）
    OfficialDomain: "https://www.zhenaicha.com" # 正式站点域名（短链重定向的目标域名）
+Captcha:
+    AccessKeyID: "LTAI5tKGB3TVJbMHSoZN3yr9"
+    AccessKeySecret: "OCQ30GWp4yENMjmfOAaagksE18bp65"
+    EndpointURL: "captcha.cn-shanghai.aliyuncs.com"
+    SceneID: "wynt39to"
--- a/app/main/api/internal/config/config.go
+++ b/app/main/api/internal/config/config.go
@@ -24,6 +24,7 @@ type Config struct {
 	AdminConfig   AdminConfig
 	TaxConfig     TaxConfig
 	Promotion     PromotionConfig // 推广链接配置
+	Captcha       CaptchaConfig   // 阿里云滑块验证码配置
 }

 // JwtAuth 用于 JWT 鉴权配置
@@ -116,3 +117,11 @@ type PromotionConfig struct {
 	PromotionDomain string // 推广域名（用于生成短链）
 	OfficialDomain  string // 正式站点域名（短链重定向的目标域名）
 }
+
+// CaptchaConfig 阿里云滑块验证码配置
+type CaptchaConfig struct {
+	AccessKeyID     string
+	AccessKeySecret string
+	EndpointURL     string
+	SceneID         string
+}
--- a/app/main/api/internal/logic/admin_order/admingetorderlistlogic.go
+++ b/app/main/api/internal/logic/admin_order/admingetorderlistlogic.go
@@ -194,7 +194,7 @@ func (l *AdminGetOrderListLogic) AdminGetOrderList(req *types.AdminGetOrderListR
 		return nil
 	}, func() error {
 		var err error
-		orders, err = l.svcCtx.OrderModel.FindPageListByPage(l.ctx, builder, req.Page, req.PageSize, "id DESC")
+		orders, err = l.svcCtx.OrderModel.FindPageListByPage(l.ctx, builder, req.Page, req.PageSize, "update_time DESC")
 		if err != nil {
 			return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "AdminGetOrderList, 查询订单列表失败 err: %v", err)
 		}
--- a/app/main/api/internal/logic/auth/sendsmslogic.go
+++ b/app/main/api/internal/logic/auth/sendsmslogic.go
@@ -2,10 +2,11 @@ package auth

 import (
 	"context"
-	"qnc-server/common/xerr"
-	"qnc-server/pkg/lzkit/crypto"
 	"fmt"
 	"math/rand"
+	"qnc-server/common/xerr"
+	"qnc-server/pkg/captcha"
+	"qnc-server/pkg/lzkit/crypto"
 	"time"

 	"github.com/pkg/errors"
@@ -35,6 +36,17 @@ func NewSendSmsLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SendSmsLo
 }

 func (l *SendSmsLogic) SendSms(req *types.SendSmsReq) error {
+	// 1. 滑块验证码校验
+	cfg := l.svcCtx.Config.Captcha
+	if err := captcha.Verify(captcha.Config{
+		AccessKeyID:     cfg.AccessKeyID,
+		AccessKeySecret: cfg.AccessKeySecret,
+		EndpointURL:     cfg.EndpointURL,
+		SceneID:         cfg.SceneID,
+	}, req.CaptchaVerifyParam); err != nil {
+		return err
+	}
+
 	secretKey := l.svcCtx.Config.Encrypt.SecretKey
 	encryptedMobile, err := crypto.EncryptMobile(req.Mobile, secretKey)
 	if err != nil {
--- a/app/main/api/internal/logic/query/queryservicelogic.go
+++ b/app/main/api/internal/logic/query/queryservicelogic.go
@@ -10,6 +10,7 @@ import (
 	"qnc-server/app/main/model"
 	"qnc-server/common/ctxdata"
 	"qnc-server/common/xerr"
+	"qnc-server/pkg/captcha"
 	"qnc-server/pkg/lzkit/crypto"
 	"qnc-server/pkg/lzkit/lzUtils"
 	"qnc-server/pkg/lzkit/validator"
@@ -66,6 +67,7 @@ func (l *QueryServiceLogic) PreprocessLogic(req *types.QueryServiceReq, product
 	}
 	return nil, errors.New("未找到相应的处理程序")
 }
+
 func (l *QueryServiceLogic) ProcessMarriageLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {

 	// AES解密
@@ -84,10 +86,9 @@ func (l *QueryServiceLogic) ProcessMarriageLogic(req *types.QueryServiceReq) (*t
 		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
 	}

-	// 校验验证码
-	verifyCodeErr := l.VerifyCode(data.Mobile, data.Code)
-	if verifyCodeErr != nil {
-		return nil, verifyCodeErr
+	// 校验拼图验证码
+	if err := l.VerifyCaptcha(data.CaptchaVerifyParam); err != nil {
+		return nil, err
 	}

 	// 校验三要素
@@ -832,3 +833,22 @@ func (l *QueryServiceLogic) InsertQueryUserRecord(params map[string]interface{},

 	return nil
 }
+
+// VerifyCaptcha 校验拼图验证码
+func (l *QueryServiceLogic) VerifyCaptcha(captchaVerifyParam string) error {
+	// 开发环境跳过验证
+	if os.Getenv("ENV") == "development" {
+		return nil
+	}
+
+	cfg := l.svcCtx.Config.Captcha
+	if err := captcha.Verify(captcha.Config{
+		AccessKeyID:     cfg.AccessKeyID,
+		AccessKeySecret: cfg.AccessKeySecret,
+		EndpointURL:     cfg.EndpointURL,
+		SceneID:         cfg.SceneID,
+	}, captchaVerifyParam); err != nil {
+		return errors.Wrapf(xerr.NewErrMsg("拼图验证码校验失败"), "captcha verify failed: %v", err)
+	}
+	return nil
+}
--- a/app/main/api/internal/types/queryMap.go
+++ b/app/main/api/internal/types/queryMap.go
@@ -1,11 +1,13 @@
 package types

+// MarriageReq 婚姻查询请求（不需要短信验证码，使用拼图验证）
 type MarriageReq struct {
-	Name   string `json:"name" validate:"required,name"`
-	IDCard string `json:"id_card" validate:"required,idCard"`
-	Mobile string `json:"mobile" validate:"required,mobile"`
-	Code   string `json:"code" validate:"required"`
+	Name               string `json:"name" validate:"required,name"`
+	IDCard             string `json:"id_card" validate:"required,idCard"`
+	Mobile             string `json:"mobile" validate:"required,mobile"`
+	CaptchaVerifyParam string `json:"captchaVerifyParam"` // 拼图验证参数
 }
+
 type HomeServiceReq struct {
 	Name   string `json:"name" validate:"required,name"`
 	IDCard string `json:"id_card" validate:"required,idCard"`
--- a/app/main/api/internal/types/types.go
+++ b/app/main/api/internal/types/types.go
@@ -2157,6 +2157,7 @@ type GetAppVersionResp struct {
 }

 type SendSmsReq struct {
-	Mobile     string `json:"mobile" validate:"required,mobile"`
-	ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+	Mobile             string `json:"mobile" validate:"required,mobile"`
+	ActionType         string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+	CaptchaVerifyParam string `json:"captchaVerifyParam"` // 阿里云滑块验证码参数
 }