From 548165ab4ad326ca70bc832be3453ef1a6870dc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=97=E5=AD=90?=
Date: Fri, 23 May 2025 10:24:37 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=B8=A4=E6=AD=A5=E9=AA=8C=E8=AF=81?=
 =?UTF-8?q?=E4=BD=BF=E7=94=A8SHA1=E7=AE=97=E6=B3=95=EF=BC=88=E4=B8=BA?=
 =?UTF-8?q?=E4=BA=86=E5=85=BC=E5=AE=B9=E6=80=A7=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/data/user.go | 15 +++------------
 internal/service/user.go | 8 +-------
 2 files changed, 4 insertions(+), 19 deletions(-)

diff --git a/internal/data/user.go b/internal/data/user.go
index b57c5bf8..ba5bf9a8 100644
--- a/internal/data/user.go
+++ b/internal/data/user.go
@@ -3,7 +3,6 @@ package data
 import (
 	"errors"
 	"image"
-	"time"
 
 	"github.com/go-rat/utils/hash"
 	"github.com/leonelquinteros/gotext"
@@ -145,7 +144,7 @@ func (r *userRepo) GenerateTwoFA(id uint) (image.Image, string, string, error) {
 		Issuer:      "RatPanel",
 		AccountName: cast.ToString(id),
 		SecretSize:  32,
-		Algorithm:   otp.AlgorithmSHA256,
+		Algorithm:   otp.AlgorithmSHA1,
 	})
 	if err != nil {
 		return nil, "", "", err
@@ -167,11 +166,7 @@ func (r *userRepo) UpdateTwoFA(id uint, code, secret string) error {
 
 	// 保存前先验证一次,防止错误开启
 	if secret != "" {
-		if valid, _ := totp.ValidateCustom(code, secret, time.Now().UTC(), totp.ValidateOpts{
-			Skew:      1,
-			Digits:    otp.DigitsSix,
-			Algorithm: otp.AlgorithmSHA256,
-		}); !valid {
+		if valid := totp.Validate(code, secret); !valid {
 			return errors.New(r.t.Get("invalid 2FA code"))
 		}
 	}
@@ -190,11 +185,7 @@ func (r *userRepo) CheckTwoFA(id uint, code string) (bool, error) {
 		return true, nil // 未开启2FA,无需验证
 	}
 
-	if valid, _ := totp.ValidateCustom(code, user.TwoFA, time.Now().UTC(), totp.ValidateOpts{
-		Skew:      1,
-		Digits:    otp.DigitsSix,
-		Algorithm: otp.AlgorithmSHA256,
-	}); !valid {
+	if valid := totp.Validate(code, user.TwoFA); !valid {
 		return false, errors.New(r.t.Get("invalid 2FA code"))
 	}
 
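Review bot: The change to `otp.AlgorithmSHA1` in GenerateTwoFA carries no comment, so the next reader will see an apparent downgrade from SHA-256 and be tempted to "fix" it back; the rationale lives only in the commit title. Add above the field: `// SHA1 on purpose: RFC 6238 TOTP with HMAC-SHA1 is what most authenticator apps implement (several ignore the algorithm parameter), so SHA256 secrets fail to verify on the client side.` HMAC-SHA1 is not weakened by SHA-1 collision attacks, so this is a compatibility choice rather than a security regression; the 32-byte secret and six-digit codes are unchanged. GenerateTwoFA starts and ends outside this hunk.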
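Review bot: The new `totp.Validate(code, secret)` in UpdateTwoFA relies on the library defaults — as far as I recall SHA1, six digits, a 30-second period and skew 1 — and nothing in the code ties those to the parameters GenerateTwoFA enrolls with, which is exactly how the SHA-256 mismatch this commit repairs arose. A comment on the new line keeps the two in lockstep: `// totp.Validate uses the library defaults (SHA1, 6 digits, 30s, skew 1); they must match GenerateTwoFA's key parameters.` If either side is expected to change again, a shared `totp.ValidateOpts`/`GenerateOpts` constant would be more robust than a comment. UpdateTwoFA starts and ends outside this hunk.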
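Review bot: Accounts that enrolled while GenerateTwoFA still emitted SHA-256 are locked out by the new `totp.Validate(code, user.TwoFA)` line: their authenticator was provisioned with `algorithm=SHA256`, but the stored secret is now checked as SHA-1, so every code they produce is rejected and CheckTwoFA can only return the "invalid 2FA code" error. The commit adds no migration for them — either persist the algorithm next to the secret and validate with `totp.ValidateCustom` using the stored value, or provide an administrative recovery path that resets 2FA for affected users. Whether any such accounts exist depends on whether the SHA-256 variant ever shipped, which this patch does not show. CheckTwoFA starts and ends outside this hunk.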
diff --git a/internal/service/user.go b/internal/service/user.go
index 875d379b..0ed07510 100644
--- a/internal/service/user.go
+++ b/internal/service/user.go
@@ -11,13 +11,11 @@ import (
 	"net"
 	"net/http"
 	"strings"
-	"time"
 
 	"github.com/go-rat/chix"
 	"github.com/go-rat/sessions"
 	"github.com/knadh/koanf/v2"
 	"github.com/leonelquinteros/gotext"
-	"github.com/pquerna/otp"
 	"github.com/pquerna/otp/totp"
 	"github.com/spf13/cast"
 
@@ -94,11 +92,7 @@ func (s *UserService) Login(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if user.TwoFA != "" {
-		if valid, _ := totp.ValidateCustom(req.PassCode, user.TwoFA, time.Now().UTC(), totp.ValidateOpts{
-			Skew:      1,
-			Digits:    otp.DigitsSix,
-			Algorithm: otp.AlgorithmSHA256,
-		}); !valid {
+		if valid := totp.Validate(req.PassCode, user.TwoFA); !valid {
 			Error(w, http.StatusForbidden, s.t.Get("invalid 2FA code"))
 			return
 		}
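Review bot: The accepted passcode is never remembered, so a TOTP value observed once (shoulder-surfing, a phishing form relaying it) can be replayed against `Login` for the rest of its validity window — with the default skew of 1 that is up to roughly 90 seconds — and this hunk shows no failed-attempt limit either, though one may exist elsewhere in the handler. After `totp.Validate` succeeds, record the time-step (or the code itself) for the user and reject a repeat; RFC 6238 §5.2 requires the verifier to refuse a second use of the same OTP. The same SHA-256-to-SHA-1 switch also means users enrolled under the old algorithm now fail this check and need a migration or reset path. Login's body continues outside this hunk.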