datawhale/whale-town-end
3
4
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix:修复注册逻辑和HTTP状态码问题 #22

Merged
moyin merged 1 commits from fix/registration-logic-and-status-codes into main 2025-12-24 20:41:18 +08:00
Conversation 0 Commits 1 Files Changed 5 +297 -66
5 changed files with 297 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
docs/api/api-documentation.md
View File

@@ -164,7 +164,12 @@
**重要说明** **重要说明**
- 如果提供邮箱,必须先调用发送验证码接口获取验证码 - 如果提供邮箱,必须先调用发送验证码接口获取验证码
- 验证码验证失败会返回400状态码而不是201 - 注册时会按以下顺序进行检查:
1. 首先检查用户名是否已存在
2. 检查邮箱是否已存在(如果提供)
3. 检查手机号是否已存在(如果提供)
4. 最后验证邮箱验证码(如果提供邮箱)
- 这样确保验证码不会因为用户已存在而被无效消费
- 注册成功返回201失败返回400 - 注册成功返回201失败返回400
#### 请求参数 #### 请求参数
@@ -214,6 +219,35 @@
``` ```
**失败响应** (400): **失败响应** (400):
**用户名已存在**:
```json
{
"success": false,
"message": "用户名已存在",
"error_code": "REGISTER_FAILED"
}
```
**邮箱已存在**:
```json
{
"success": false,
"message": "邮箱已存在",
"error_code": "REGISTER_FAILED"
}
```
**手机号已存在**:
```json
{
"success": false,
"message": "手机号已存在",
"error_code": "REGISTER_FAILED"
}
```
**邮箱验证码相关错误**:
```json ```json
{ {
"success": false, "success": false,

44
src/core/db/users/users.service.ts
View File

@@ -32,7 +32,6 @@ export class UsersService {
* *
* @param createUserDto 创建用户的数据传输对象 * @param createUserDto 创建用户的数据传输对象
* @returns 创建的用户实体 * @returns 创建的用户实体
* @throws ConflictException 当用户名、邮箱或手机号已存在时
* @throws BadRequestException 当数据验证失败时 * @throws BadRequestException 当数据验证失败时
*/ */
async create(createUserDto: CreateUserDto): Promise<Users> { async create(createUserDto: CreateUserDto): Promise<Users> {
@@ -47,6 +46,32 @@ export class UsersService {
throw new BadRequestException(`数据验证失败: ${errorMessages}`); throw new BadRequestException(`数据验证失败: ${errorMessages}`);
} }
// 创建用户实体
const user = new Users();
user.username = createUserDto.username;
user.email = createUserDto.email || null;
user.phone = createUserDto.phone || null;
user.password_hash = createUserDto.password_hash || null;
user.nickname = createUserDto.nickname;
user.github_id = createUserDto.github_id || null;
user.avatar_url = createUserDto.avatar_url || null;
user.role = createUserDto.role || 1;
user.email_verified = createUserDto.email_verified || false;
user.status = createUserDto.status || UserStatus.ACTIVE;
// 保存到数据库
return await this.usersRepository.save(user);
}
/**
* 创建新用户(带重复检查)
*
* @param createUserDto 创建用户的数据传输对象
* @returns 创建的用户实体
* @throws ConflictException 当用户名、邮箱或手机号已存在时
* @throws BadRequestException 当数据验证失败时
*/
async createWithDuplicateCheck(createUserDto: CreateUserDto): Promise<Users> {
// 检查用户名是否已存在 // 检查用户名是否已存在
if (createUserDto.username) { if (createUserDto.username) {
const existingUser = await this.usersRepository.findOne({ const existingUser = await this.usersRepository.findOne({
@@ -87,21 +112,8 @@ export class UsersService {
} }
} }
// 创建用户实体 // 调用普通的创建方法
const user = new Users(); return await this.create(createUserDto);
user.username = createUserDto.username;
user.email = createUserDto.email || null;
user.phone = createUserDto.phone || null;
user.password_hash = createUserDto.password_hash || null;
user.nickname = createUserDto.nickname;
user.github_id = createUserDto.github_id || null;
user.avatar_url = createUserDto.avatar_url || null;
user.role = createUserDto.role || 1;
user.email_verified = createUserDto.email_verified || false;
user.status = createUserDto.status || UserStatus.ACTIVE;
// 保存到数据库
return await this.usersRepository.save(user);
} }
/** /**

23
src/core/login_core/login_core.service.ts
View File

@@ -174,6 +174,29 @@ export class LoginCoreService {
async register(registerRequest: RegisterRequest): Promise<AuthResult> { async register(registerRequest: RegisterRequest): Promise<AuthResult> {
const { username, password, nickname, email, phone, email_verification_code } = registerRequest; const { username, password, nickname, email, phone, email_verification_code } = registerRequest;
// 先检查用户是否已存在,避免消费验证码后才发现用户存在
const existingUser = await this.usersService.findByUsername(username);
if (existingUser) {
throw new ConflictException('用户名已存在');
}
// 检查邮箱是否已存在
if (email) {
const existingEmail = await this.usersService.findByEmail(email);
if (existingEmail) {
throw new ConflictException('邮箱已存在');
}
}
// 检查手机号是否已存在
if (phone) {
const users = await this.usersService.findAll();
const existingPhone = users.find((u: Users) => u.phone === phone);
if (existingPhone) {
throw new ConflictException('手机号已存在');
}
}
// 如果提供了邮箱,必须验证邮箱验证码 // 如果提供了邮箱,必须验证邮箱验证码
if (email) { if (email) {
if (!email_verification_code) { if (!email_verification_code) {

160
test-register-fix.ps1
View File

@@ -1,53 +1,133 @@
# Test register API fix # Test register API fix - Core functionality test
# 测试注册API修复 - 核心功能测试
#
# 主要测试内容:
# 1. 用户注册(无邮箱)- 应该成功
# 2. 用户注册(有邮箱但无验证码)- 应该失败并返回正确错误信息
# 3. 用户存在性检查 - 应该在验证码验证之前进行,返回"用户名已存在"
# 4. 邮箱验证码完整流程 - 验证码生成、注册、重复邮箱检查
#
# 修复验证:
# - 用户存在检查现在在验证码验证之前执行
# - 验证码不会因为用户已存在而被无效消费
# - 错误信息更加准确和用户友好
$baseUrl = "http://localhost:3000" $baseUrl = "http://localhost:3000"
Write-Host "Testing register API fix..." -ForegroundColor Green Write-Host "🧪 Testing Register API Fix" -ForegroundColor Green
Write-Host "============================" -ForegroundColor Green
# Test 1: Register with email but no verification code (should return 400) # Helper function to handle API responses
Write-Host "`nTest 1: Register with email but no verification code" -ForegroundColor Yellow function Test-ApiCall {
$registerData1 = @{ param(
username = "testuser1" [string]$TestName,
password = "password123" [string]$Url,
nickname = "Test User 1" [string]$Body,
email = "test1@example.com" [int]$ExpectedStatus = 200
} | ConvertTo-Json )
try {
$response1 = Invoke-RestMethod -Uri "$baseUrl/auth/register" -Method POST -Body $registerData1 -ContentType "application/json" -ErrorAction Stop
Write-Host "Status: 200/201 (Unexpected success)" -ForegroundColor Red
Write-Host "Response: $($response1 | ConvertTo-Json -Depth 3)" -ForegroundColor Red
} catch {
$statusCode = $_.Exception.Response.StatusCode.value__
Write-Host "Status Code: $statusCode" -ForegroundColor $(if ($statusCode -eq 400) { "Green" } else { "Red" })
if ($_.Exception.Response) { Write-Host "`n📋 $TestName" -ForegroundColor Yellow
$reader = New-Object System.IO.StreamReader($_.Exception.Response.GetResponseStream())
$responseBody = $reader.ReadToEnd() try {
Write-Host "Response: $responseBody" -ForegroundColor Gray $response = Invoke-RestMethod -Uri $Url -Method POST -Body $Body -ContentType "application/json" -ErrorAction Stop
Write-Host "✅ SUCCESS ($(if ($response.success) { 'true' } else { 'false' }))" -ForegroundColor Green
Write-Host "Message: $($response.message)" -ForegroundColor Cyan
return $response
} catch {
$statusCode = $_.Exception.Response.StatusCode.value__
Write-Host "❌ FAILED ($statusCode)" -ForegroundColor $(if ($statusCode -eq $ExpectedStatus) { "Yellow" } else { "Red" })
if ($_.Exception.Response) {
$stream = $_.Exception.Response.GetResponseStream()
$reader = New-Object System.IO.StreamReader($stream)
$responseBody = $reader.ReadToEnd()
$reader.Close()
$stream.Close()
if ($responseBody) {
try {
$errorResponse = $responseBody | ConvertFrom-Json
Write-Host "Message: $($errorResponse.message)" -ForegroundColor Cyan
Write-Host "Error Code: $($errorResponse.error_code)" -ForegroundColor Gray
return $errorResponse
} catch {
Write-Host "Raw Response: $responseBody" -ForegroundColor Gray
}
} else {
Write-Host "Empty response body" -ForegroundColor Gray
}
}
return $null
} }
} }
# Test 2: Register without email (should return 201) # Clear throttle first
Write-Host "`nTest 2: Register without email" -ForegroundColor Yellow Write-Host "`n🔄 Clearing throttle records..." -ForegroundColor Blue
$registerData2 = @{
username = "testuser2"
password = "password123"
nickname = "Test User 2"
} | ConvertTo-Json
try { try {
$response2 = Invoke-RestMethod -Uri "$baseUrl/auth/register" -Method POST -Body $registerData2 -ContentType "application/json" -ErrorAction Stop Invoke-RestMethod -Uri "$baseUrl/auth/debug-clear-throttle" -Method POST | Out-Null
Write-Host "Status: 200/201 (Success)" -ForegroundColor Green Write-Host "✅ Throttle cleared" -ForegroundColor Green
Write-Host "Response: $($response2 | ConvertTo-Json -Depth 3)" -ForegroundColor Green
} catch { } catch {
$statusCode = $_.Exception.Response.StatusCode.value__ Write-Host "⚠️ Could not clear throttle" -ForegroundColor Yellow
Write-Host "Status Code: $statusCode (Unexpected failure)" -ForegroundColor Red }
# Test 1: Register without email (should succeed)
$result1 = Test-ApiCall -TestName "Register without email" -Url "$baseUrl/auth/register" -Body (@{
username = "testuser_$(Get-Random)"
password = "password123"
nickname = "Test User"
} | ConvertTo-Json)
# Test 2: Register with email but no verification code (should fail)
$result2 = Test-ApiCall -TestName "Register with email but no verification code" -Url "$baseUrl/auth/register" -Body (@{
username = "testuser_$(Get-Random)"
password = "password123"
nickname = "Test User"
email = "test@example.com"
} | ConvertTo-Json) -ExpectedStatus 400
# Test 3: Try to register with existing username (should fail with correct error)
if ($result1 -and $result1.success) {
$existingUsername = ($result1.data.user.username)
$result3 = Test-ApiCall -TestName "Register with existing username ($existingUsername)" -Url "$baseUrl/auth/register" -Body (@{
username = $existingUsername
password = "password123"
nickname = "Duplicate User"
} | ConvertTo-Json) -ExpectedStatus 400
if ($_.Exception.Response) { if ($result3 -and $result3.message -like "*用户名已存在*") {
$reader = New-Object System.IO.StreamReader($_.Exception.Response.GetResponseStream()) Write-Host "✅ PASS: Correct error message for existing user" -ForegroundColor Green
$responseBody = $reader.ReadToEnd() } else {
Write-Host "Response: $responseBody" -ForegroundColor Red Write-Host "❌ FAIL: Wrong error message for existing user" -ForegroundColor Red
} }
} }
Write-Host "`nTest completed!" -ForegroundColor Green # Test 4: Get verification code and register with email
Write-Host "`n📋 Get verification code and register with email" -ForegroundColor Yellow
try {
$emailResponse = Invoke-RestMethod -Uri "$baseUrl/auth/send-email-verification" -Method POST -Body (@{email = "newuser@test.com"} | ConvertTo-Json) -ContentType "application/json"
if ($emailResponse.data.verification_code) {
$verificationCode = $emailResponse.data.verification_code
Write-Host "Got verification code: $verificationCode" -ForegroundColor Green
$result4 = Test-ApiCall -TestName "Register with valid email and verification code" -Url "$baseUrl/auth/register" -Body (@{
username = "emailuser_$(Get-Random)"
password = "password123"
nickname = "Email User"
email = "newuser@test.com"
email_verification_code = $verificationCode
} | ConvertTo-Json)
if ($result4 -and $result4.success) {
Write-Host "✅ PASS: Email registration successful" -ForegroundColor Green
}
}
} catch {
Write-Host "⚠️ Could not test email verification (email service may not be configured)" -ForegroundColor Yellow
}
Write-Host "`n🎯 Test Summary" -ForegroundColor Green
Write-Host "===============" -ForegroundColor Green
Write-Host "✅ Registration logic has been fixed:" -ForegroundColor White
Write-Host " • User existence checked BEFORE verification code validation" -ForegroundColor White
Write-Host " • Proper error messages for different scenarios" -ForegroundColor White
Write-Host " • Verification codes not wasted on existing users" -ForegroundColor White

100
test-throttle.ps1
View File

@@ -1,29 +1,111 @@
# Test throttle functionality # Test throttle functionality
# 测试限流功能
#
# 主要测试内容:
# 1. 限流记录清除功能
# 2. 正常注册请求(在限流范围内)
# 3. 批量请求测试限流阈值
# 4. 验证限流配置是否正确生效
#
# 当前限流配置:
# - 注册接口10次/5分钟开发环境已放宽
# - 登录接口5次/分钟
# - 发送验证码1次/分钟
# - 密码重置3次/小时
$baseUrl = "http://localhost:3000" $baseUrl = "http://localhost:3000"
Write-Host "Testing throttle functionality..." -ForegroundColor Green Write-Host "🚦 Testing Throttle Functionality" -ForegroundColor Green
Write-Host "==================================" -ForegroundColor Green
# Test: Try to register (should work now with increased limit) # Clear throttle first
Write-Host "`nTesting register with increased throttle limit..." -ForegroundColor Yellow Write-Host "`n🔄 Clearing throttle records..." -ForegroundColor Blue
try {
$clearResponse = Invoke-RestMethod -Uri "$baseUrl/auth/debug-clear-throttle" -Method POST
Write-Host "$($clearResponse.message)" -ForegroundColor Green
} catch {
Write-Host "⚠️ Could not clear throttle records" -ForegroundColor Yellow
}
# Test normal registration (should work with increased limit)
Write-Host "`n📋 Test 1: Normal registration with increased throttle limit" -ForegroundColor Yellow
$registerData = @{ $registerData = @{
username = "testuser_throttle" username = "testuser_throttle_$(Get-Random)"
password = "password123" password = "password123"
nickname = "Test User Throttle" nickname = "Test User Throttle"
} | ConvertTo-Json } | ConvertTo-Json
try { try {
$response = Invoke-RestMethod -Uri "$baseUrl/auth/register" -Method POST -Body $registerData -ContentType "application/json" -ErrorAction Stop $response = Invoke-RestMethod -Uri "$baseUrl/auth/register" -Method POST -Body $registerData -ContentType "application/json" -ErrorAction Stop
Write-Host "Status: Success (201)" -ForegroundColor Green Write-Host "✅ SUCCESS: Registration completed" -ForegroundColor Green
Write-Host "Response: $($response.message)" -ForegroundColor Green Write-Host "Message: $($response.message)" -ForegroundColor Cyan
} catch { } catch {
$statusCode = $_.Exception.Response.StatusCode.value__ $statusCode = $_.Exception.Response.StatusCode.value__
Write-Host "Status Code: $statusCode" -ForegroundColor $(if ($statusCode -eq 429) { "Yellow" } else { "Red" }) Write-Host "❌ FAILED ($statusCode)" -ForegroundColor $(if ($statusCode -eq 429) { "Yellow" } else { "Red" })
if ($_.Exception.Response) { if ($_.Exception.Response) {
$reader = New-Object System.IO.StreamReader($_.Exception.Response.GetResponseStream()) $reader = New-Object System.IO.StreamReader($_.Exception.Response.GetResponseStream())
$responseBody = $reader.ReadToEnd() $responseBody = $reader.ReadToEnd()
Write-Host "Response: $responseBody" -ForegroundColor Gray $reader.Close()
try {
$errorResponse = $responseBody | ConvertFrom-Json
Write-Host "Message: $($errorResponse.message)" -ForegroundColor Cyan
if ($errorResponse.throttle_info) {
Write-Host "Throttle Info:" -ForegroundColor Gray
Write-Host " Limit: $($errorResponse.throttle_info.limit)" -ForegroundColor Gray
Write-Host " Window: $($errorResponse.throttle_info.window_seconds)s" -ForegroundColor Gray
Write-Host " Current: $($errorResponse.throttle_info.current_requests)" -ForegroundColor Gray
Write-Host " Reset: $($errorResponse.throttle_info.reset_time)" -ForegroundColor Gray
}
} catch {
Write-Host "Raw Response: $responseBody" -ForegroundColor Gray
}
} }
} }
Write-Host "`nTest completed!" -ForegroundColor Green # Test throttle limits by making multiple requests
Write-Host "`n📋 Test 2: Testing throttle limits (register endpoint: 10 requests/5min)" -ForegroundColor Yellow
$successCount = 0
$throttleCount = 0
for ($i = 1; $i -le 12; $i++) {
$testData = @{
username = "throttletest_$i"
password = "password123"
nickname = "Throttle Test $i"
} | ConvertTo-Json
try {
$response = Invoke-RestMethod -Uri "$baseUrl/auth/register" -Method POST -Body $testData -ContentType "application/json" -ErrorAction Stop
$successCount++
Write-Host " Request $i`: ✅ Success" -ForegroundColor Green
} catch {
$statusCode = $_.Exception.Response.StatusCode.value__
if ($statusCode -eq 429) {
$throttleCount++
Write-Host " Request $i`: 🚦 Throttled (429)" -ForegroundColor Yellow
} else {
Write-Host " Request $i`: ❌ Failed ($statusCode)" -ForegroundColor Red
}
}
# Small delay between requests
Start-Sleep -Milliseconds 100
}
Write-Host "`n📊 Results:" -ForegroundColor Cyan
Write-Host " Successful requests: $successCount" -ForegroundColor Green
Write-Host " Throttled requests: $throttleCount" -ForegroundColor Yellow
Write-Host " Expected behavior: ~10 success, ~2 throttled" -ForegroundColor Gray
if ($successCount -ge 8 -and $throttleCount -ge 1) {
Write-Host "✅ PASS: Throttle is working correctly" -ForegroundColor Green
} else {
Write-Host "⚠️ WARNING: Throttle behavior may need adjustment" -ForegroundColor Yellow
}
Write-Host "`n🎯 Throttle Configuration:" -ForegroundColor Green
Write-Host " Register: 10 requests / 5 minutes" -ForegroundColor White
Write-Host " Login: 5 requests / 1 minute" -ForegroundColor White
Write-Host " Send Code: 1 request / 1 minute" -ForegroundColor White
Write-Host " Password Reset: 3 requests / 1 hour" -ForegroundColor White