security: harden proxy IP trust, token flow, health and sessions

2026-02-09 09:14:47 +08:00
parent f645a0f8ea
commit ebfac7266b
7 changed files with 199 additions and 79 deletions


@@ -321,13 +321,16 @@ def bind_user_email():
@api_user_bp.route("/api/verify-bind-email/<token>")
def verify_bind_email(token):
"""验证邮箱绑定Token"""
result = email_service.verify_bind_email_token(token)
result = email_service.verify_bind_email_token(token, consume=False)
if result:
token_id = result["token_id"]
user_id = result["user_id"]
email = result["email"]
if database.update_user_email(user_id, email, verified=True):
if not email_service.consume_email_token(token_id):
logger.warning(f"邮箱绑定成功但Token消费失败: token_id={token_id}, user_id={user_id}")
return _render_verify_bind_success(email)
return _render_verify_bind_failed(title="绑定失败", error_message="邮箱绑定失败,请重试")