优化：给注册用户新增用户名不为空的判断逻辑

2025-12-12 11:26:26 +08:00
parent 5d85ddfa83
commit 90c288299d
436 changed files with 55 additions and 158569 deletions
--- a/WxCheckMvc/Controllers/LoginController.cs
+++ b/WxCheckMvc/Controllers/LoginController.cs
@@ -8,6 +8,7 @@ using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
+using System.Text.RegularExpressions;
 using System.Net.Http;
 using System.Text.Json;

@@ -110,7 +111,10 @@ namespace WxCheckMvc.Controllers
                {
                    await _connection.OpenAsync();
                }
-
+                if (string.IsNullOrEmpty(request.UserKey))
+                {
+                    return BadRequest(new { success = false, message = "UserKey不能为空" });
+                }
                // 检查用户是否存在
                UserResponse user = null;
                using (MySqlCommand checkCmd = new MySqlCommand("SELECT Id, UserName, UserKey, WeChatName, PhoneNumber, AvatarUrl, FirstLoginTime, IsDisabled, CreateTime, UpdateTime FROM xcx_users WHERE UserKey = @UserKey", _connection))
@@ -142,6 +146,31 @@ namespace WxCheckMvc.Controllers
                    return NotFound(new { success = false, message = "用户不存在" });
                }

+                // 在验证之前，先对 UserName 和 PhoneNumber 去除空格和标点符号
+                string cleanedUserName = request.UserName ?? string.Empty;
+                string cleanedPhoneNumber = request.PhoneNumber ?? string.Empty;
+
+                // PhoneNumber 只保留数字
+                cleanedPhoneNumber = Regex.Replace(cleanedPhoneNumber, "\\D", "");
+                // UserName 去除标点、符号和空白（保留所有字母/汉字/罕见字形以及数字）
+                cleanedUserName = Regex.Replace(cleanedUserName, @"[\p{P}\p{S}\s]+", "").Trim();
+
+                // 验证 UserName 不为空
+                if (string.IsNullOrEmpty(cleanedUserName))
+                {
+                    return BadRequest(new { success = false, message = "用户名不能为空或仅包含非法字符" });
+                }
+
+                // 验证 PhoneNumber 是否为合法手机号（以 1 开头，共 11 位数字）
+                if (!Regex.IsMatch(cleanedPhoneNumber, "^1\\d{10}$"))
+                {
+                    return BadRequest(new { success = false, message = "手机号格式错误" });
+                }
+
+                // 将清理后的值写回 request，确保更新数据库时使用清理后的值
+                request.UserName = cleanedUserName;
+                request.PhoneNumber = cleanedPhoneNumber;
+
                // 更新用户信息
                using (MySqlCommand cmd = new MySqlCommand("UPDATE xcx_users SET UserName = @UserName, WeChatName = @WeChatName, PhoneNumber = @PhoneNumber, AvatarUrl = @AvatarUrl, UpdateTime = NOW() WHERE UserKey = @UserKey", _connection))
                {
@@ -296,7 +325,7 @@ namespace WxCheckMvc.Controllers
    public class RegisterRequest
    {
        public string UserName { get; set; }
-        public string UserKey { get; set; } // 改为直接传入UserKey
+        public string UserKey { get; set; } 
        public string WeChatName { get; set; }
        public string PhoneNumber { get; set; }
        public string AvatarUrl { get; set; }