feat: 发送验证码时校验用户是否存在

- /send-code 接口增加用户存在性校验 - 手机号未注册时返回 404 '用户不存在' - 验证码校验仍 bypass（测试期间）
2026-05-08 18:13:20 +08:00
parent ef991e8c0f
commit 8fd68fc25e
1 changed files with 10 additions and 0 deletions
@@ -17,6 +17,7 @@ from __future__ import annotations
 from fastapi import APIRouter, Depends, HTTPException, Request, status

 from app.api.deps import get_current_user
+from app.crud import user as user_crud
 from app.db.session import AsyncSession, get_db
 from app.models.user import User
 from app.schemas.auth import (
@@ -40,6 +41,7 @@ router = APIRouter()
@router.post("/send-code", response_model=ApiResponse[dict])
 async def send_code(
    request: SendSmsCodeRequest,
+    db: AsyncSession = Depends(get_db),
 ):
    """
    发送短信验证码
@@ -47,6 +49,14 @@ async def send_code(
    开发阶段验证码直接打印到日志，生产环境接入短信服务商。
    每个手机号每日最多发送 10 次。
    """
+    # 校验用户是否存在
+    user = await user_crud.get_by_mobile(db, mobile=request.mobile)
+    if user is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="用户不存在",
+        )
+
    try:
        await send_sms_code(request.mobile)
    except ValueError as e: