From 210bb3b9eac9a964e4c791a708edfc26f669490b Mon Sep 17 00:00:00 2001
From: csf123321
Date: Thu, 26 Mar 2026 02:12:29 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=BE=E7=88=86=E7=A0=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../app/core/verification/email/verificationService.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/backend/app/core/verification/email/verificationService.py b/backend/app/core/verification/email/verificationService.py
index eb5636c..24cc626 100644
--- a/backend/app/core/verification/email/verificationService.py
+++ b/backend/app/core/verification/email/verificationService.py
@@ -19,6 +19,10 @@ LOGIN_CODE_EXPIRE_MINUTES = os.getenv("LOGIN_CODE_EXPIRE_MINUTES",5)
 # 同一邮箱发送验证码的冷却间隔(秒)
 CODE_SEND_COOLDOWN_SECONDS = os.getenv("CODE_SEND_COOLDOWN_SECONDS",60)
+CODE_VERIFICATE_ATTEMP_SECONDS = os.getenv("CODE_VERIFICATE_ATTEMP_SECONDS", 60)
+
+CODE_VERIFICATE_ATTEMP_COUNT = os.getenv("CODE_VERIFICATE_ATTEMP_COUNT", 10)
+
 class CodeExpiredError(Exception):
 """code has been expired"""
 pass
@@ -62,8 +66,13 @@ class EmailVerificationService:
 def verify_code(self,email: str, code: str, purpose: VerificationPurpose):
 email = email.lower()
+ key = f"verification:attempts:{purpose.value.lower()}:{email}"
 code_hash = hash_verification_code(code)
+ attempts = self.repo.incr(key, int(CODE_VERIFICATE_ATTEMP_SECONDS))
+ if attempts > int(CODE_VERIFICATE_ATTEMP_COUNT):
+ raise TooManyCodeRequestsError("Too many attempts")
+
 stored = self.repo.compare_and_consume(email, purpose, code_hash)
 if stored == False:
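Review bot: The two new module-level settings are read with `os.getenv(name, <int>)`, which yields a string when the variable is set and an int when it is not, and the `int()` conversion is deferred to `verify_code`, so a malformed value surfaces as a `ValueError` on a verification request rather than at startup. Parsing once at import, e.g. `CODE_VERIFICATE_ATTEMP_COUNT = int(os.getenv("CODE_VERIFICATE_ATTEMP_COUNT", "10"))`, and rejecting values below 1 would make a bad setting fail early; with the comparison in the second hunk, a count of 0 rejects every attempt. Unlike the neighbouring constants these carry no comment; `# max verification attempts per email and purpose within the window` and `# length of the attempt-counting window (seconds)` would do. The environment variable names become an operator-facing interface, so the spelling (`VERIFICATE_ATTEMP`) is cheaper to correct now than after deployment.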
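Review bot: The limit added to `verify_code` only pauses guessing: when `attempts` exceeds `CODE_VERIFICATE_ATTEMP_COUNT` the stored code stays valid, so once the counter's window lapses the same code can be tried again, and with the defaults shown (10 tries per 60 s, code lifetime configured in minutes) one code can absorb several windows of guesses. Consider invalidating the stored code for this email and purpose when the limit is hit, so that a fresh code has to be requested. Because the key is built from purpose and email only, anyone who knows an address can use up its budget and block the legitimate user. Whether `self.repo.incr` sets the expiry atomically and only on the first increment is not visible here and is worth confirming, since a refreshed or missing expiry would extend the lockout. `TooManyCodeRequestsError` looks like the send-cooldown exception, so a dedicated type or message would let callers tell the two cases apart; the rest of `verify_code` lies outside the hunk.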