🐛 修复邮箱验证链接无效的问题

- 修复 UserDB.create() 中 verification_token 未哈希存储的bug - 注册时的token现在会进行SHA256哈希，与验证时的逻辑保持一致 - 解决"无效或已过期的验证链接"错误问题原因：注册时存储原文token，验证时用哈希后的token匹配，导致永远匹配不上 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-25 12:21:11 +08:00
parent 3824f1ab82
commit b188679f19
1 changed files with 6 additions and 1 deletions
--- a/backend/database.js
+++ b/backend/database.js
@@ -192,6 +192,11 @@ const UserDB = {

    const hasFtpConfig = userData.ftp_host && userData.ftp_user && userData.ftp_password ? 1 : 0;

+    // 对验证令牌进行哈希存储（与 VerificationDB.setVerification 保持一致）
+    const hashedVerificationToken = userData.verification_token
+      ? crypto.createHash('sha256').update(userData.verification_token).digest('hex')
+      : null;
+
    const stmt = db.prepare(`
      INSERT INTO users (
        username, email, password,
@@ -212,7 +217,7 @@ const UserDB = {
      userData.http_download_base_url || null,
      hasFtpConfig,
      userData.is_verified !== undefined ? userData.is_verified : 0,
-      userData.verification_token || null,
+      hashedVerificationToken,
      userData.verification_expires_at || null
    );