From 9219e8c6eaa9583edefa42184057f5ca0ab6dd6f Mon Sep 17 00:00:00 2001
From: WuYuuuub <625806558@qq.com>
Date: Wed, 14 Jan 2026 15:39:38 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E4=BA=86=E6=9B=B4=E4=B8=A5?=
 =?UTF-8?q?=E6=A0=BC=E7=9A=84=E9=82=AE=E7=AE=B1=E6=A0=BC=E5=BC=8F=E6=A3=80?=
 =?UTF-8?q?=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/handler/auth_handler.go | 10 ++++++++++
 internal/handler/helpers.go      | 12 ++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/internal/handler/auth_handler.go b/internal/handler/auth_handler.go
index ec9cb03..7cf3878 100644
--- a/internal/handler/auth_handler.go
+++ b/internal/handler/auth_handler.go
@@ -117,6 +117,16 @@ func (h *AuthHandler) SendVerificationCode(c *gin.Context) {
 		return
 	}
 
+	// 验证邮箱格式
+	if !isValidEmail(req.Email) {
+		h.logger.Warn("发送验证码失败：邮箱格式错误",
+			zap.String("email", req.Email),
+		)
+		RespondBadRequest(c, "邮箱格式错误", nil)
+		return
+	}
+
+	// 调用服务发送验证码
 	if err := h.container.VerificationService.SendCode(c.Request.Context(), req.Email, req.Type); err != nil {
 		h.logger.Error("发送验证码失败",
 			zap.String("email", req.Email),
diff --git a/internal/handler/helpers.go b/internal/handler/helpers.go
index 8d32149..19a6c60 100644
--- a/internal/handler/helpers.go
+++ b/internal/handler/helpers.go
@@ -5,6 +5,7 @@ import (
 	"carrotskin/internal/model"
 	"carrotskin/internal/types"
 	"net/http"
+	"regexp"
 	"strconv"
 
 	"github.com/gin-gonic/gin"
@@ -227,3 +228,14 @@ func RespondWithError(c *gin.Context, err error) {
 	// 默认返回500错误
 	RespondServerError(c, err.Error(), err)
 }
+
+// isValidEmail 验证邮箱格式
+func isValidEmail(email string) bool {
+	if email == "" {
+		return false
+	}
+	// 更严格的邮箱格式验证
+	emailRegex := `^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`
+	matched, _ := regexp.MatchString(emailRegex, email)
+	return matched
+}