添加 HTML 转义,防止邮件内容中的 HTML 注入攻击 #3

Open
WuYvbo wants to merge 3 commits from email into dev
2 changed files with 22 additions and 0 deletions
Showing only changes of commit 9219e8c6ea - Show all commits


@@ -117,6 +117,16 @@ func (h *AuthHandler) SendVerificationCode(c *gin.Context) {
return return
} }
// 验证邮箱格式
if !isValidEmail(req.Email) {
h.logger.Warn("发送验证码失败:邮箱格式错误",
zap.String("email", req.Email),
)
RespondBadRequest(c, "邮箱格式错误", nil)
return
}
// 调用服务发送验证码
if err := h.container.VerificationService.SendCode(c.Request.Context(), req.Email, req.Type); err != nil { if err := h.container.VerificationService.SendCode(c.Request.Context(), req.Email, req.Type); err != nil {
h.logger.Error("发送验证码失败", h.logger.Error("发送验证码失败",
zap.String("email", req.Email), zap.String("email", req.Email),
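Review bot: The added `isValidEmail(req.Email)` guard constrains only the recipient address, while the PR title promises HTML escaping of the mail content; nothing in this hunk touches what `VerificationService.SendCode` renders, so presumably that escaping lives in one of the other two commits, and a one-line comment such as `// Recipient format check only; body escaping is handled in the mail template/service` would make the split explicit for the next reader. A property worth stating in that comment is that the anchored pattern rejects CR/LF (Go's `$` matches only at end of text), so a crafted address cannot smuggle additional mail headers. The rejected value is logged in full at `zap.String("email", req.Email)`, which is fine for a structured logger, but consider truncating a malformed value from an untrusted client before logging it. SendVerificationCode begins and ends outside the hunk.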


@@ -5,6 +5,7 @@ import (
"carrotskin/internal/model" "carrotskin/internal/model"
"carrotskin/internal/types" "carrotskin/internal/types"
"net/http" "net/http"
"regexp"
"strconv" "strconv"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
@@ -227,3 +228,14 @@ func RespondWithError(c *gin.Context, err error) {
// 默认返回500错误 // 默认返回500错误
RespondServerError(c, err.Error(), err) RespondServerError(c, err.Error(), err)
} }
// isValidEmail 验证邮箱格式
func isValidEmail(email string) bool {
if email == "" {
return false
}
// 更严格的邮箱格式验证
emailRegex := `^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`
matched, _ := regexp.MatchString(emailRegex, email)
return matched
}
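Review bot: `regexp.MatchString(emailRegex, email)` recompiles the pattern on every request and its error is discarded with `_`; compiling the same raw-string pattern once at package scope with `var emailRe = regexp.MustCompile(...)` and returning `return email != "" && emailRe.MatchString(email)` removes both the per-call compile and the silently ignored error. A cheap upper bound before the match, `if len(email) > 254 { return false }` (the RFC 5321 mailbox limit), keeps oversized client input out of the mailer at no cost, since Go's RE2 engine is already linear-time and not subject to catastrophic backtracking. The doc comment `// isValidEmail 验证邮箱格式` could also state that the pattern is ASCII-only and rejects quoted local parts and IDN domains, so callers understand which legitimate addresses will receive a 400. The `"regexp"` import hunk above is fine as is.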