Merge branch '1028_bugfix' into feature_2025/1028_bugfix

* 1028_bugfix:
  手机号格式适配-前端修改
  添加微信扫码的几种其他状态
  整合register端口进入login端口

app.py

@@ -1849,6 +1849,15 @@ def send_verification_code():
         if not credential or not code_type:
             return jsonify({'success': False, 'error': '缺少必要参数'}), 400
 
+        # 清理格式字符（空格、横线、括号等）
+        if code_type == 'phone':
+            # 移除手机号中的空格、横线、括号、加号等格式字符
+            credential = re.sub(r'[\s\-\(\)\+]', '', credential)
+            print(f"📱 清理后的手机号: {credential}")
+        elif code_type == 'email':
+            # 邮箱只移除空格
+            credential = credential.strip()
+
         # 生成验证码
         verification_code = generate_verification_code()
 
@@ -1907,6 +1916,17 @@ def login_with_verification_code():
         if not credential or not verification_code or not login_type:
             return jsonify({'success': False, 'error': '缺少必要参数'}), 400
 
+        # 清理格式字符（空格、横线、括号等）
+        if login_type == 'phone':
+            # 移除手机号中的空格、横线、括号、加号等格式字符
+            original_credential = credential
+            credential = re.sub(r'[\s\-\(\)\+]', '', credential)
+            if original_credential != credential:
+                print(f"📱 登录时清理手机号: {original_credential} -> {credential}")
+        elif login_type == 'email':
+            # 邮箱只移除前后空格
+            credential = credential.strip()
+
         # 检查验证码
         session_key = f'verification_code_{login_type}_{credential}_login'
         stored_code_info = session.get(session_key)
@@ -1968,12 +1988,51 @@ def login_with_verification_code():
                     username = f"{base_username}_{counter}"
                     counter += 1
 
+        # 如果用户不存在，自动创建新用户
+        if not user:
+            try:
+                # 生成用户名
+                if login_type == 'phone':
+                    # 使用手机号生成用户名
+                    base_username = f"用户{credential[-4:]}"
+                elif login_type == 'email':
+                    # 使用邮箱前缀生成用户名
+                    base_username = credential.split('@')[0]
+                else:
+                    base_username = "新用户"
+
+                # 确保用户名唯一
+                username = base_username
+                counter = 1
+                while User.is_username_taken(username):
+                    username = f"{base_username}_{counter}"
+                    counter += 1
+
                 # 创建新用户
-                user = User(username=username, email=credential)
-                user.email_confirmed = True
+                user = User(username=username)
+
+                # 设置手机号或邮箱
+                if login_type == 'phone':
+                    user.phone = credential
+                elif login_type == 'email':
+                    user.email = credential
+
+                # 设置默认密码（使用随机密码，用户后续可以修改）
+                user.set_password(uuid.uuid4().hex)
+                user.status = 'active'
+                user.nickname = username
+
                 db.session.add(user)
                 db.session.commit()
 
+                is_new_user = True
+                print(f"✅ 自动创建新用户: {username}, {login_type}: {credential}")
+
+            except Exception as e:
+                print(f"❌ 创建用户失败: {e}")
+                db.session.rollback()
+                return jsonify({'success': False, 'error': '创建用户失败'}), 500
+
         # 清除验证码
         session.pop(session_key, None)
 
@@ -1989,10 +2048,13 @@ def login_with_verification_code():
         # 更新最后登录时间
         user.update_last_seen()
 
+        # 根据是否为新用户返回不同的消息
+        message = '注册成功，欢迎加入！' if is_new_user else '登录成功'
+
         return jsonify({
             'success': True,
-            'message': '注册成功' if is_new_user else '登录成功',
-            'isNewUser': is_new_user,
+            'message': message,
+            'is_new_user': is_new_user,
             'user': {
                 'id': user.id,
                 'username': user.username,
@@ -2004,6 +2066,59 @@ def login_with_verification_code():
             }
         })
 
+    except Exception as e:
+        print(f"验证码登录错误: {e}")
+        db.session.rollback()
+        return jsonify({'success': False, 'error': '登录失败'}), 500
+
+
+@app.route('/api/auth/register', methods=['POST'])
+def register():
+    """用户注册 - 使用Session"""
+    username = request.form.get('username')
+    email = request.form.get('email')
+    password = request.form.get('password')
+
+    # 验证输入
+    if not all([username, email, password]):
+        return jsonify({'success': False, 'error': '所有字段都是必填的'}), 400
+
+    # 检查用户名和邮箱是否已存在
+    if User.is_username_taken(username):
+        return jsonify({'success': False, 'error': '用户名已存在'}), 400
+
+    if User.is_email_taken(email):
+        return jsonify({'success': False, 'error': '邮箱已被使用'}), 400
+
+    try:
+        # 创建新用户
+        user = User(username=username, email=email)
+        user.set_password(password)
+        user.email_confirmed = True  # 暂时默认已确认
+
+        db.session.add(user)
+        db.session.commit()
+
+        # 自动登录
+        session.permanent = True
+        session['user_id'] = user.id
+        session['username'] = user.username
+        session['logged_in'] = True
+
+        # Flask-Login 登录
+        login_user(user, remember=True)
+
+        return jsonify({
+            'success': True,
+            'message': '注册成功',
+            'user': {
+                'id': user.id,
+                'username': user.username,
+                'nickname': user.nickname or user.username,
+                'email': user.email
+            }
+        }), 201
+
     except Exception as e:
         db.session.rollback()
         print(f"验证码登录/注册错误: {e}")
@@ -2611,8 +2726,19 @@ def wechat_callback():
     state = request.args.get('state')
     error = request.args.get('error')
 
-    # 错误处理
-    if error or not code or not state:
+    # 错误处理：用户拒绝授权
+    if error:
+        if state in wechat_qr_sessions:
+            wechat_qr_sessions[state]['status'] = 'auth_denied'
+            wechat_qr_sessions[state]['error'] = '用户拒绝授权'
+            print(f"❌ 用户拒绝授权: state={state}")
+        return redirect('/auth/signin?error=wechat_auth_denied')
+
+    # 参数验证
+    if not code or not state:
+        if state in wechat_qr_sessions:
+            wechat_qr_sessions[state]['status'] = 'auth_failed'
+            wechat_qr_sessions[state]['error'] = '授权参数缺失'
         return redirect('/auth/signin?error=wechat_auth_failed')
 
     # 验证state
@@ -2627,14 +2753,28 @@ def wechat_callback():
         return redirect('/auth/signin?error=session_expired')
 
     try:
-        # 获取access_token
+        # 步骤1: 用户已扫码并授权（微信回调过来说明用户已完成扫码+授权）
+        session_data['status'] = 'scanned'
+        print(f"✅ 微信扫码回调: state={state}, code={code[:10]}...")
+
+        # 步骤2: 获取access_token
         token_data = get_wechat_access_token(code)
         if not token_data:
+            session_data['status'] = 'auth_failed'
+            session_data['error'] = '获取访问令牌失败'
+            print(f"❌ 获取微信access_token失败: state={state}")
             return redirect('/auth/signin?error=token_failed')
 
-        # 获取用户信息
+        # 步骤3: Token获取成功，标记为已授权
+        session_data['status'] = 'authorized'
+        print(f"✅ 微信授权成功: openid={token_data['openid']}")
+
+        # 步骤4: 获取用户信息
         user_info = get_wechat_userinfo(token_data['access_token'], token_data['openid'])
         if not user_info:
+            session_data['status'] = 'auth_failed'
+            session_data['error'] = '获取用户信息失败'
+            print(f"❌ 获取微信用户信息失败: openid={token_data['openid']}")
             return redirect('/auth/signin?error=userinfo_failed')
 
         # 查找或创建用户 / 或处理绑定
@@ -2679,6 +2819,8 @@ def wechat_callback():
                 return redirect('/home?bind=failed')
 
         user = None
+        is_new_user = False
+
         if unionid:
             user = User.query.filter_by(wechat_union_id=unionid).first()
         if not user:
@@ -2709,6 +2851,9 @@ def wechat_callback():
             db.session.add(user)
             db.session.commit()
 
+            is_new_user = True
+            print(f"✅ 微信扫码自动创建新用户: {username}, openid: {openid}")
+
         # 更新最后登录时间
         user.update_last_seen()
 
@@ -2722,18 +2867,30 @@ def wechat_callback():
         # Flask-Login 登录
         login_user(user, remember=True)
 
-        # 清理微信session（仅登录/注册流程清理；绑定流程在上方已处理，不在此处清理）
+        # 更新微信session状态，供前端轮询检测
         if state in wechat_qr_sessions:
-            # 仅当不是绑定流程，或没有模式信息时清理
-            if not wechat_qr_sessions[state].get('mode'):
-                del wechat_qr_sessions[state]
+            session_item = wechat_qr_sessions[state]
+            # 仅处理登录/注册流程，不处理绑定流程
+            if not session_item.get('mode'):
+                # 更新状态和用户信息
+                session_item['status'] = 'register_ready' if is_new_user else 'login_ready'
+                session_item['user_info'] = {'user_id': user.id}
+                print(f"✅ 微信扫码状态已更新: {session_item['status']}, user_id: {user.id}")
 
         # 直接跳转到首页
         return redirect('/home')
 
     except Exception as e:
         print(f"❌ 微信登录失败: {e}")
+        import traceback
+        traceback.print_exc()
         db.session.rollback()
+
+        # 更新session状态为失败
+        if state in wechat_qr_sessions:
+            wechat_qr_sessions[state]['status'] = 'auth_failed'
+            wechat_qr_sessions[state]['error'] = str(e)
+
         return redirect('/auth/signin?error=login_failed')