fix：修复注册逻辑和HTTP状态码问题

核心修复： - 调整注册流程检查顺序，先验证用户存在性再验证验证码 - 修复HTTP状态码问题，业务失败时返回正确的错误状态码 - 优化错误处理逻辑，提供更准确的错误信息主要变更： - 登录核心服务：重构注册方法，优化检查顺序避免验证码无效消费 - 用户服务：分离用户创建和重复检查逻辑，提高代码复用性 - 登录控制器：修复HTTP状态码处理，根据业务结果返回正确状态码 - API文档：更新注册接口说明和错误响应示例 - 测试脚本：优化测试逻辑和注释说明修复效果： - 用户已存在时立即返回正确错误信息，不消费验证码 - API响应状态码准确反映业务执行结果 - 错误信息更加用户友好和准确 - 验证码使用更加合理和高效测试验证： - 所有核心功能测试通过 - 注册逻辑修复验证成功 - HTTP状态码修复验证成功 - 限流功能正常工作
2025-12-24 20:39:23 +08:00
parent e537e782a9
commit 404ef5d3e0
5 changed files with 297 additions and 66 deletions
--- a/test-throttle.ps1
+++ b/test-throttle.ps1
@@ -1,29 +1,111 @@
 # Test throttle functionality
+# 测试限流功能
+#
+# 主要测试内容：
+# 1. 限流记录清除功能
+# 2. 正常注册请求（在限流范围内）
+# 3. 批量请求测试限流阈值
+# 4. 验证限流配置是否正确生效
+#
+# 当前限流配置：
+# - 注册接口：10次/5分钟（开发环境已放宽）
+# - 登录接口：5次/分钟
+# - 发送验证码：1次/分钟
+# - 密码重置：3次/小时
 $baseUrl = "http://localhost:3000"

-Write-Host "Testing throttle functionality..." -ForegroundColor Green
+Write-Host "🚦 Testing Throttle Functionality" -ForegroundColor Green
+Write-Host "==================================" -ForegroundColor Green

-# Test: Try to register (should work now with increased limit)
-Write-Host "`nTesting register with increased throttle limit..." -ForegroundColor Yellow
+# Clear throttle first
+Write-Host "`n🔄 Clearing throttle records..." -ForegroundColor Blue
+try {
+    $clearResponse = Invoke-RestMethod -Uri "$baseUrl/auth/debug-clear-throttle" -Method POST
+    Write-Host "✅ $($clearResponse.message)" -ForegroundColor Green
+} catch {
+    Write-Host "⚠️ Could not clear throttle records" -ForegroundColor Yellow
+}
+
+# Test normal registration (should work with increased limit)
+Write-Host "`n📋 Test 1: Normal registration with increased throttle limit" -ForegroundColor Yellow
 $registerData = @{
-    username = "testuser_throttle"
+    username = "testuser_throttle_$(Get-Random)"
    password = "password123"
    nickname = "Test User Throttle"
 } | ConvertTo-Json

 try {
    $response = Invoke-RestMethod -Uri "$baseUrl/auth/register" -Method POST -Body $registerData -ContentType "application/json" -ErrorAction Stop
-    Write-Host "Status: Success (201)" -ForegroundColor Green
-    Write-Host "Response: $($response.message)" -ForegroundColor Green
+    Write-Host "✅ SUCCESS: Registration completed" -ForegroundColor Green
+    Write-Host "Message: $($response.message)" -ForegroundColor Cyan
 } catch {
    $statusCode = $_.Exception.Response.StatusCode.value__
-    Write-Host "Status Code: $statusCode" -ForegroundColor $(if ($statusCode -eq 429) { "Yellow" } else { "Red" })
+    Write-Host "❌ FAILED ($statusCode)" -ForegroundColor $(if ($statusCode -eq 429) { "Yellow" } else { "Red" })
    
    if ($_.Exception.Response) {
        $reader = New-Object System.IO.StreamReader($_.Exception.Response.GetResponseStream())
        $responseBody = $reader.ReadToEnd()
-        Write-Host "Response: $responseBody" -ForegroundColor Gray
+        $reader.Close()
+        
+        try {
+            $errorResponse = $responseBody | ConvertFrom-Json
+            Write-Host "Message: $($errorResponse.message)" -ForegroundColor Cyan
+            if ($errorResponse.throttle_info) {
+                Write-Host "Throttle Info:" -ForegroundColor Gray
+                Write-Host "  Limit: $($errorResponse.throttle_info.limit)" -ForegroundColor Gray
+                Write-Host "  Window: $($errorResponse.throttle_info.window_seconds)s" -ForegroundColor Gray
+                Write-Host "  Current: $($errorResponse.throttle_info.current_requests)" -ForegroundColor Gray
+                Write-Host "  Reset: $($errorResponse.throttle_info.reset_time)" -ForegroundColor Gray
+            }
+        } catch {
+            Write-Host "Raw Response: $responseBody" -ForegroundColor Gray
+        }
    }
 }

-Write-Host "`nTest completed!" -ForegroundColor Green
+# Test throttle limits by making multiple requests
+Write-Host "`n📋 Test 2: Testing throttle limits (register endpoint: 10 requests/5min)" -ForegroundColor Yellow
+$successCount = 0
+$throttleCount = 0
+
+for ($i = 1; $i -le 12; $i++) {
+    $testData = @{
+        username = "throttletest_$i"
+        password = "password123"
+        nickname = "Throttle Test $i"
+    } | ConvertTo-Json
+    
+    try {
+        $response = Invoke-RestMethod -Uri "$baseUrl/auth/register" -Method POST -Body $testData -ContentType "application/json" -ErrorAction Stop
+        $successCount++
+        Write-Host "  Request $i`: ✅ Success" -ForegroundColor Green
+    } catch {
+        $statusCode = $_.Exception.Response.StatusCode.value__
+        if ($statusCode -eq 429) {
+            $throttleCount++
+            Write-Host "  Request $i`: 🚦 Throttled (429)" -ForegroundColor Yellow
+        } else {
+            Write-Host "  Request $i`: ❌ Failed ($statusCode)" -ForegroundColor Red
+        }
+    }
+    
+    # Small delay between requests
+    Start-Sleep -Milliseconds 100
+}
+
+Write-Host "`n📊 Results:" -ForegroundColor Cyan
+Write-Host "  Successful requests: $successCount" -ForegroundColor Green
+Write-Host "  Throttled requests: $throttleCount" -ForegroundColor Yellow
+Write-Host "  Expected behavior: ~10 success, ~2 throttled" -ForegroundColor Gray
+
+if ($successCount -ge 8 -and $throttleCount -ge 1) {
+    Write-Host "✅ PASS: Throttle is working correctly" -ForegroundColor Green
+} else {
+    Write-Host "⚠️ WARNING: Throttle behavior may need adjustment" -ForegroundColor Yellow
+}
+
+Write-Host "`n🎯 Throttle Configuration:" -ForegroundColor Green
+Write-Host "  Register: 10 requests / 5 minutes" -ForegroundColor White
+Write-Host "  Login: 5 requests / 1 minute" -ForegroundColor White
+Write-Host "  Send Code: 1 request / 1 minute" -ForegroundColor White
+Write-Host "  Password Reset: 3 requests / 1 hour" -ForegroundColor White