Seefs 4 сар өмнө
parent
commit
d85eeabf11

+ 1 - 4
common/totp.go

@@ -113,10 +113,7 @@ func HashBackupCode(code string) (string, error) {
 
 // Get2FAIssuer 获取2FA发行者名称
 func Get2FAIssuer() string {
-	if issuer := SystemName; issuer != "" {
-		return issuer
-	}
-	return "NewAPI"
+	return SystemName
 }
 
 // getEnvOrDefault 获取环境变量或默认值
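Review bot: With the fallback removed, Get2FAIssuer returns an empty string whenever SystemName is unset, and nothing in this hunk guarantees that it is non-empty. An empty issuer would presumably end up in the otpauth provisioning data, leaving the authenticator entry without a service label, and some TOTP libraries reject an empty issuer outright, which would break 2FA enrolment. If the intent is only to drop the hard-coded `"NewAPI"` brand, either validate SystemName where it is configured or keep a guard here and document the contract, e.g. `// Get2FAIssuer returns SystemName; callers must treat an empty result as a configuration error.`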

+ 9 - 3
controller/twofa.go

@@ -46,7 +46,7 @@ func Setup2FA(c *gin.Context) {
 		})
 		return
 	}
-	
+
 	// 如果存在已禁用的2FA记录,先删除它
 	if existing != nil && !existing.IsEnabled {
 		if err := existing.Delete(); err != nil {
@@ -415,8 +415,14 @@ func Verify2FALogin(c *gin.Context) {
 		})
 		return
 	}
-	userId := pendingUserId.(int)
-
+	userId, ok := pendingUserId.(int)
+	if !ok {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "会话数据无效,请重新登录",
+		})
+		return
+	}
 	// 获取用户信息
 	user, err := model.GetUserById(userId, false)
 	if err != nil {
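Review bot: The new `!ok` branch in Verify2FALogin rejects the request but leaves the malformed pending-login value in the session and records nothing server-side. A value of the wrong type at this point means the session is corrupted or was not produced by the normal login flow, so I would remove the pending 2FA entry from the session before returning and emit a log line so the event can be detected. It is also worth confirming that the configured session store round-trips an `int` unchanged; a serializer that decodes numbers as `int64` or `float64` would make this branch fire on every login. Suggested comment above the branch: `// Unexpected type in session: treat as a corrupted session, clear the pending 2FA state and force a fresh login.` Verify2FALogin starts and ends outside this hunk.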

+ 1 - 1
go.mod

@@ -45,7 +45,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
 	github.com/aws/smithy-go v1.20.2 // indirect
-	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+	github.com/boombuler/barcode v1.1.0 // indirect
 	github.com/bytedance/sonic v1.11.6 // indirect
 	github.com/bytedance/sonic/loader v0.1.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect

+ 2 - 0
go.sum

@@ -22,6 +22,8 @@ github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
 github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
+github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bytedance/gopkg v0.0.0-20220118071334-3db87571198b h1:LTGVFpNmNHhj0vhOlfgWueFJ32eK9blaIlHR2ciXOT0=
 github.com/bytedance/gopkg v0.0.0-20220118071334-3db87571198b/go.mod h1:2ZlV9BaUH4+NXIBF0aMdKKAnHTzqH+iMU4KUjAbL23Q=
 github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=

+ 3 - 1
model/twofa.go

@@ -9,6 +9,8 @@ import (
 	"gorm.io/gorm"
 )
 
+var ErrTwoFANotEnabled = errors.New("用户未启用2FA")
+
 // TwoFA 用户2FA设置表
 type TwoFA struct {
 	Id             int            `json:"id" gorm:"primaryKey"`
@@ -210,7 +212,7 @@ func DisableTwoFA(userId int) error {
 		return err
 	}
 	if twoFA == nil {
-		return errors.New("用户未启用2FA")
+		return ErrTwoFANotEnabled
 	}
 
 	// 删除2FA设置和备用码
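Review bot: ErrTwoFANotEnabled is exported without a doc comment, and no hunk in this commit compares against it, so its benefit depends on callers switching from message matching to `errors.Is(err, ErrTwoFANotEnabled)`. I would add `// ErrTwoFANotEnabled is returned by DisableTwoFA when the user has no 2FA record.` above the declaration. If other functions in this file still build the same message with `errors.New`, they should return the sentinel too, otherwise `errors.Is` will not match them; that code is outside the visible hunks. DisableTwoFA starts and ends outside the hunk.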

+ 9 - 1
web/src/components/auth/TwoFAVerification.js

@@ -16,9 +16,9 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
 
 For commercial licensing, please contact [email protected]
 */
+import { API, showError, showSuccess } from '../../helpers';
 import { Button, Card, Divider, Form, Input, Typography } from '@douyinfe/semi-ui';
 import React, { useState } from 'react';
-import { showError, showSuccess, API } from '../../helpers';
 
 const { Title, Text, Paragraph } = Typography;
 
@@ -32,6 +32,14 @@ const TwoFAVerification = ({ onSuccess, onBack, isModal = false }) => {
       showError('请输入验证码');
       return;
     }
+    // Validate code format
+    if (useBackupCode && verificationCode.length !== 8) {
+      showError('备用码必须是8位');
+      return;
+    } else if (!useBackupCode && !/^\d{6}$/.test(verificationCode)) {
+      showError('验证码必须是6位数字');
+      return;
+    }
 
     setLoading(true);
     try {
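Review bot: The added format check runs only in the browser, and its backup-code branch tests nothing but `verificationCode.length !== 8`, so it is input hygiene rather than a control; the server-side verification endpoint still has to enforce code format and attempt limits, because the API can be called without this component. I would state that in the comment: `// Client-side format check for UX only; the server remains the authority on code validity and attempt limits.` The `else` after the first `return` is redundant and the second check reads more clearly as a plain `if`. If the input is not trimmed earlier in the handler (not visible here), a pasted code with surrounding whitespace will fail `/^\d{6}$/`. The enclosing submit handler starts and ends outside this hunk.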