Update the login captcha verify logic (#815)

wu-clan · web-flow · commit f417374f3ede · 2025-09-12T21:02:21.000+08:00
diff --git a/backend/app/admin/api/v1/auth/captcha.py b/backend/app/admin/api/v1/auth/captcha.py
@@ -1,5 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
+from uuid import uuid4
+
 from fast_captcha import img_captcha
 from fastapi import APIRouter, Depends, Request
 from fastapi_limiter.depends import RateLimiter
@@ -24,11 +26,11 @@ async def get_captcha(request: Request) -> ResponseSchemaModel[GetCaptchaDetail]
     """
     img_type: str = 'base64'
     img, code = await run_in_threadpool(img_captcha, img_byte=img_type)
-    ip = request.state.ip
+    uuid = str(uuid4())
     await redis_client.set(
-        f'{settings.CAPTCHA_LOGIN_REDIS_PREFIX}:{ip}',
+        f'{settings.CAPTCHA_LOGIN_REDIS_PREFIX}:{uuid}',
         code,
         ex=settings.CAPTCHA_LOGIN_EXPIRE_SECONDS,
     )
-    data = GetCaptchaDetail(image_type=img_type, image=img)
+    data = GetCaptchaDetail(uuid=uuid, img_type=img_type, image=img)
     return response_base.success(data=data)
diff --git a/backend/app/admin/schema/captcha.py b/backend/app/admin/schema/captcha.py
@@ -8,5 +8,6 @@
 class GetCaptchaDetail(SchemaBase):
     """验证码详情"""
 
-    image_type: str = Field(description='图片类型')
+    uuid: str = Field(description='图片唯一标识')
+    img_type: str = Field(description='图片类型')
     image: str = Field(description='图片内容')
diff --git a/backend/app/admin/schema/user.py b/backend/app/admin/schema/user.py
@@ -22,6 +22,7 @@ class AuthSchemaBase(SchemaBase):
 class AuthLoginParam(AuthSchemaBase):
     """用户登录参数"""
 
+    uuid: str = Field(description='验证码 UUID')
     captcha: str = Field(description='验证码')
 
 
diff --git a/backend/app/admin/service/auth_service.py b/backend/app/admin/service/auth_service.py
@@ -92,12 +92,12 @@ async def login(
             user = None
             try:
                 user = await self.user_verify(db, obj.username, obj.password)
-                captcha_code = await redis_client.get(f'{settings.CAPTCHA_LOGIN_REDIS_PREFIX}:{request.state.ip}')
+                captcha_code = await redis_client.get(f'{settings.CAPTCHA_LOGIN_REDIS_PREFIX}:{obj.uuid}')
                 if not captcha_code:
                     raise errors.RequestError(msg=t('error.captcha.expired'))
                 if captcha_code.lower() != obj.captcha.lower():
                     raise errors.CustomError(error=CustomErrorCode.CAPTCHA_ERROR)
-                await redis_client.delete(f'{settings.CAPTCHA_LOGIN_REDIS_PREFIX}:{request.state.ip}')
+                await redis_client.delete(f'{settings.CAPTCHA_LOGIN_REDIS_PREFIX}:{obj.uuid}')
                 await user_dao.update_login_time(db, obj.username)
                 await db.refresh(user)
                 access_token = await create_access_token(
