feat(turnstile): integrate Cloudflare Turnstile for enhanced security in login and registration processes

beilunyang
2025-10-22 23:31:48 +08:00
parent 1ffe920d47
commit e431c1fe5b
22 changed files with 480 additions and 56 deletions


@@ -1,6 +1,7 @@
import { NextResponse } from "next/server"
import { register } from "@/lib/auth"
import { authSchema, AuthSchema } from "@/lib/validation"
import { verifyTurnstileToken } from "@/lib/turnstile"
export const runtime = "edge"
@@ -17,7 +18,16 @@ export async function POST(request: Request) {
)
}
const { username, password } = json
const { username, password, turnstileToken } = json
const verification = await verifyTurnstileToken(turnstileToken)
if (!verification.success) {
const message = verification.reason === "missing-token"
? "请先完成安全验证"
: "安全验证未通过"
return NextResponse.json({ error: message }, { status: 400 })
}
const user = await register(username, password)
return NextResponse.json({ user })
@@ -27,4 +37,4 @@ export async function POST(request: Request) {
{ status: 500 }
)
}
}
}
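Review bot: The new check calls `verifyTurnstileToken(turnstileToken)` with the token alone, so the siteverify call cannot bind the token to the client that solved it; on the edge runtime the client address is available, and if the helper in `@/lib/turnstile` forwards a second argument as `remoteip` the call should read `const verification = await verifyTurnstileToken(turnstileToken, request.headers.get("CF-Connecting-IP") ?? undefined)`. It is also not visible whether that helper honours `TURNSTILE_ENABLED` from `SITE_CONFIG`; if it does not, registration fails closed with "请先完成安全验证" whenever an admin leaves Turnstile off, which should be confirmed before merging. `turnstileToken` is taken from `json`, which the surrounding handler validates against `authSchema`; if that schema strips unknown keys, the token never reaches the helper and every request lands in the `missing-token` branch, so `authSchema` needs `turnstileToken` declared as an optional string. The enclosing `POST` handler begins before this hunk.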


@@ -7,18 +7,36 @@ export const runtime = "edge"
export async function GET() {
const env = getRequestContext().env
const [defaultRole, emailDomains, adminContact, maxEmails] = await Promise.all([
const canManageConfig = await checkPermission(PERMISSIONS.MANAGE_CONFIG)
const [
defaultRole,
emailDomains,
adminContact,
maxEmails,
turnstileEnabled,
turnstileSiteKey,
turnstileSecretKey
] = await Promise.all([
env.SITE_CONFIG.get("DEFAULT_ROLE"),
env.SITE_CONFIG.get("EMAIL_DOMAINS"),
env.SITE_CONFIG.get("ADMIN_CONTACT"),
env.SITE_CONFIG.get("MAX_EMAILS")
env.SITE_CONFIG.get("MAX_EMAILS"),
env.SITE_CONFIG.get("TURNSTILE_ENABLED"),
env.SITE_CONFIG.get("TURNSTILE_SITE_KEY"),
env.SITE_CONFIG.get("TURNSTILE_SECRET_KEY")
])
return Response.json({
defaultRole: defaultRole || ROLES.CIVILIAN,
emailDomains: emailDomains || "moemail.app",
adminContact: adminContact || "",
maxEmails: maxEmails || EMAIL_CONFIG.MAX_ACTIVE_EMAILS.toString()
maxEmails: maxEmails || EMAIL_CONFIG.MAX_ACTIVE_EMAILS.toString(),
turnstile: {
enabled: turnstileEnabled === "true",
siteKey: turnstileSiteKey || "",
...(canManageConfig ? { secretKey: turnstileSecretKey || "" } : {})
}
})
}
@@ -31,24 +49,48 @@ export async function POST(request: Request) {
}, { status: 403 })
}
const { defaultRole, emailDomains, adminContact, maxEmails } = await request.json() as {
const {
defaultRole,
emailDomains,
adminContact,
maxEmails,
turnstile
} = await request.json() as {
defaultRole: Exclude<Role, typeof ROLES.EMPEROR>,
emailDomains: string,
adminContact: string,
maxEmails: string
maxEmails: string,
turnstile?: {
enabled: boolean,
siteKey: string,
secretKey: string
}
}
if (![ROLES.DUKE, ROLES.KNIGHT, ROLES.CIVILIAN].includes(defaultRole)) {
return Response.json({ error: "无效的角色" }, { status: 400 })
}
const turnstileConfig = turnstile ?? {
enabled: false,
siteKey: "",
secretKey: ""
}
if (turnstileConfig.enabled && (!turnstileConfig.siteKey || !turnstileConfig.secretKey)) {
return Response.json({ error: "Turnstile 启用时需要提供 Site Key 和 Secret Key" }, { status: 400 })
}
const env = getRequestContext().env
await Promise.all([
env.SITE_CONFIG.put("DEFAULT_ROLE", defaultRole),
env.SITE_CONFIG.put("EMAIL_DOMAINS", emailDomains),
env.SITE_CONFIG.put("ADMIN_CONTACT", adminContact),
env.SITE_CONFIG.put("MAX_EMAILS", maxEmails)
env.SITE_CONFIG.put("MAX_EMAILS", maxEmails),
env.SITE_CONFIG.put("TURNSTILE_ENABLED", turnstileConfig.enabled.toString()),
env.SITE_CONFIG.put("TURNSTILE_SITE_KEY", turnstileConfig.siteKey),
env.SITE_CONFIG.put("TURNSTILE_SECRET_KEY", turnstileConfig.secretKey)
])
return Response.json({ success: true })
}
}
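Review bot: A config save whose body omits `turnstile` silently disables Turnstile and overwrites the stored secret with an empty string, because the fallback at `const turnstileConfig = turnstile ?? { enabled: false, siteKey: "", secretKey: "" }` feeds three unconditional `SITE_CONFIG.put` calls, so any older client or partial update wipes the key. The three Turnstile keys should only be written when `turnstile` is present, `enabled` should be coerced with `=== true` (an object without that field currently throws on `.toString()`), and a blank `secretKey` on an update should mean "keep the stored value", which also lets the GET handler stop returning the secret to the browser. The `as { ... }` cast does not validate the body, so `siteKey` and `secretKey` are checked with `typeof` before being stored. The enclosing `POST` handler begins before this hunk.
```typescript
// … unchanged: body parsing and defaultRole validation …
const env = getRequestContext().env
let turnstileValues: { enabled: boolean; siteKey: string; secretKey: string } | undefined
if (turnstile !== undefined) {
  const enabled = turnstile.enabled === true
  const siteKey = typeof turnstile.siteKey === "string" ? turnstile.siteKey.trim() : ""
  // A blank secret on an update keeps the stored one, so GET never has to hand it back.
  const submitted = typeof turnstile.secretKey === "string" ? turnstile.secretKey.trim() : ""
  const secretKey = submitted || ((await env.SITE_CONFIG.get("TURNSTILE_SECRET_KEY")) ?? "")
  if (enabled && (!siteKey || !secretKey)) {
    return Response.json({ error: "Turnstile 启用时需要提供 Site Key 和 Secret Key" }, { status: 400 })
  }
  turnstileValues = { enabled, siteKey, secretKey }
}
await Promise.all([
  env.SITE_CONFIG.put("DEFAULT_ROLE", defaultRole),
  env.SITE_CONFIG.put("EMAIL_DOMAINS", emailDomains),
  env.SITE_CONFIG.put("ADMIN_CONTACT", adminContact),
  env.SITE_CONFIG.put("MAX_EMAILS", maxEmails),
  ...(turnstileValues
    ? [
        env.SITE_CONFIG.put("TURNSTILE_ENABLED", turnstileValues.enabled.toString()),
        env.SITE_CONFIG.put("TURNSTILE_SITE_KEY", turnstileValues.siteKey),
        env.SITE_CONFIG.put("TURNSTILE_SECRET_KEY", turnstileValues.secretKey)
      ]
    : [])
])
// … unchanged: success response …
```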