feat(auth): implement password reset with Google Authenticator verification (#537)

实现忘记密码功能,用户可以通过邮箱和Google Authenticator验证码重置密码。
**后端改动:**
- 添加 `/api/reset-password` 接口
- 实现 `UpdateUserPassword` 数据库方法
- 验证邮箱、OTP和新密码
**前端改动:**
- 新增 `ResetPasswordPage` 组件
- 在登录页面添加"忘记密码"链接
- 实现密码重置表单(新密码、确认密码、OTP验证)
- 添加密码可见性切换功能
- 支持中英文国际化
**安全特性:**
- 要求Google Authenticator验证
- 密码强度验证(最少6位)
- 密码确认匹配检查
- 密码哈希存储
Co-authored-by: tinkle-community <tinklefund@gmail.com>
Sue
2025-11-05 21:01:18 +08:00
committed by GitHub
parent cc6dc8edaa
commit 96ed2c6ea7
8 changed files with 329 additions and 0 deletions


@@ -37,6 +37,11 @@ interface AuthContextType {
userID: string,
otpCode: string
) => Promise<{ success: boolean; message?: string }>
resetPassword: (
email: string,
newPassword: string,
otpCode: string
) => Promise<{ success: boolean; message?: string }>
logout: () => void
isLoading: boolean
}
@@ -220,6 +225,36 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
}
}
const resetPassword = async (
email: string,
newPassword: string,
otpCode: string
) => {
try {
const response = await fetch('/api/reset-password', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
email,
new_password: newPassword,
otp_code: otpCode,
}),
})
const data = await response.json()
if (response.ok) {
return { success: true, message: data.message }
} else {
return { success: false, message: data.error }
}
} catch (error) {
return { success: false, message: '密码重置失败,请重试' }
}
}
const logout = () => {
setUser(null)
setToken(null)
@@ -236,6 +271,7 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
register,
verifyOTP,
completeRegistration,
resetPassword,
logout,
isLoading,
}}
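Review bot: The `else` branch of `resetPassword` hands `data.error` back to the form unchanged, and the request carries no session token, so if the handler words its errors differently for an unregistered email and for a wrong code, the page tells any visitor which addresses have accounts. That is inferred, because the `/api/reset-password` handler is not in this file; for the same reason it cannot be confirmed here that failed OTP attempts are limited per account, which an unauthenticated endpoint gated by a TOTP code needs. I would return one fixed message from that branch, for example the one the `catch` already uses, `return { success: false, message: '密码重置失败,请重试' }`, and keep the detailed reason in the server logs. `AuthProvider` starts and ends outside these hunks.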