fix(desktop):fix verification code restriction (#4449)

labring · Jan 2, 2024 · 873894f · 873894f
1 parent 1ea7542
commit 873894f
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 11 deletions.
diff --git a/frontend/desktop/src/pages/api/auth/phone/sms.ts b/frontend/desktop/src/pages/api/auth/phone/sms.ts
@@ -20,14 +20,18 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
     if (!enableSms()) {
       throw new Error('SMS is not enabled');
     }
-    const { phoneNumbers } = req.body;
-    if (!(await checkSendable(phoneNumbers))) {
+    const { phoneNumbers } = req.body as { phoneNumbers?: string };
+    if (!phoneNumbers)
+      return jsonRes(res, {
+        message: 'phoneNumbers is invalid',
+        code: 400
+      });
+    if (!(await checkSendable({ phone: phoneNumbers }))) {
       return jsonRes(res, {
         message: 'code already sent',
         code: 400
       });
     }
-
     // randomly generate six bit check code
     const code = Math.floor(Math.random() * 900000 + 100000).toString();
     const sendSmsRequest = new dysmsapi.SendSmsRequest({

diff --git a/frontend/desktop/src/services/backend/db/verifyCode.ts b/frontend/desktop/src/services/backend/db/verifyCode.ts
@@ -3,13 +3,13 @@ import { connectToDatabase } from './mongodb';
 type TVerification_Codes = {
   phone: string;
   code: string;
-  createdTime: number;
+  createdAt: Date;
 };
 
 async function connectToUserCollection() {
   const client = await connectToDatabase();
   const collection = client.db().collection<TVerification_Codes>('verification_codes');
-  await collection.createIndex({ createdTime: 1 }, { expireAfterSeconds: 60 * 5 });
+  await collection.createIndex({ createdAt: 1 }, { expireAfterSeconds: 60 * 5 });
   return collection;
 }
 
@@ -23,7 +23,7 @@ export async function addOrUpdateCode({ phone, code }: { phone: string; code: st
     {
       $set: {
         code,
-        createdTime: new Date().getTime()
+        createdAt: new Date()
       }
     },
     {
@@ -37,10 +37,9 @@ export async function checkSendable({ phone }: { phone: string }) {
   const codes = await connectToUserCollection();
   const result = await codes.findOne({
     phone,
-    createdTime: {
+    createdAt: {
       // 在区间范围内找到就是已经发送过了，不能再发了
-      $gt: new Date().getTime() - 60 * 1000,
-      $lt: new Date().getTime()
+      $gt: new Date(new Date().getTime() - 60 * 1000)
     }
   });
   return !result;
@@ -51,9 +50,9 @@ export async function checkCode({ phone, code }: { phone: string; code: string }
   const result = await codes.findOne({
     phone,
     code,
-    createdTime: {
+    createdAt: {
       // 5分钟内有效
-      $gt: new Date().getTime() - 5 * 60 * 1000
+      $gt: new Date(new Date().getTime() - 5 * 60 * 1000)
     }
   });
   return !!result;