npm - @flun/html-template - Versions diffs - 5.0.0 → 5.0.1 - Mend

@flun/html-template 5.0.0 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/f-CHANGELOG.md +9 -4
package/package.json +1 -1
package/templates/account/2fa.html +17 -23

package/f-CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,12 @@
 # 变更日志
+## [5.0.1] - 2026-06-10 11:59
+### 紧急修复
+- 修复二次验证报错问题：
+  - 修复前端脚本语法错误（可选链非法赋值、逗号表达式歧义）。
+  - 修正二次验证接口请求字段名（`input` → `token`），使其与后端匹配。
+  - 优化验证逻辑，使用统一输入框/按钮引用，避免重复代码。
+- 二次验证（TOTP、备份码、WebAuthn）功能恢复正常。
+> **请快更新和替换该文件(`2fa.html`)**
 ## [5.0.0] - 2026-06-10 10:05
 ### 重大更新
 - 对templates/account目录中的页面结构进行了大面积优化,如果你是老用户请注意对比迁移!!!;
@@ -10,7 +18,4 @@
 - customize\account.js文件为配合上述功能实现也做了相应适配;
 ## [4.4.3] - 2026-06-05 22:16
 ### 优化
-- 模板中用户页面的移动端样式适配;
-## [4.4.2] - 2026-05-31 15:08
-### 修复
-- 修复全局中间件中 `getCurrentUser(req)` 返回 `null` 时解构报错导致服务崩溃的问题,增加空值判断并自动清理无效登录态;
+- 模板中用户页面的移动端样式适配;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@flun/html-template",
-  "version": "5.0.0",
+  "version": "5.0.1",
   "description": "一个HTML模板工具包,提供开发服务器和模板编译功能,支持自定义标签和快捷输入,变量定义,包含文件引用,帮助开发者模块化处理HTML;",
   "main": "index.js",
   "types": "index.d.ts",

package/templates/account/2fa.html CHANGED Viewed

@@ -141,10 +141,10 @@
         <h2>双因素验证</h2>
         <!-- TOTP 模式区域 -->
-        <div id="totpSection">
+        <div id="totpSection" hidden>
             <p id="promptText">请输入身份验证器中的6位数字验证码</p>
             <div class="form-group">
-                <input type="text" id="tokenInput" placeholder="6位验证码" maxlength="6" autofocus
+                <input type="text" id="totpInput" placeholder="6位验证码" maxlength="6" autofocus
                     autocomplete="one-time-code" class="totp-input">
             </div>
             <button type="button" class="btn" id="verifyTotpBtn">验证</button>
@@ -176,8 +176,8 @@
     <script src="/static/topImg.js" defer></script>
     <script src="/static/utils/browser.js"></script>
     <script>
-        const [totpSection, webauthnSection, backupPanel, messageDiv, tokenInput, verifyTotpBtn, backupCodeInput, submitBackupBtn,
-            retryHardwareBtn] = ['totpSection', 'webauthnSection', 'backupPanel', 'message', 'tokenInput',
+        const [totpSection, webauthnSection, backupPanel, messageDiv, totpInput, verifyTotpBtn, backupCodeInput, submitBackupBtn,
+            retryHardwareBtn] = ['totpSection', 'webauthnSection', 'backupPanel', 'message', 'totpInput',
                 'verifyTotpBtn', 'backupCodeInput', 'submitBackupBtn', 'retryHardwareBtn']
                 .map(id => document.getElementById(id)),
             urlParams = new URLSearchParams(window.location.search), method = urlParams.get('method'),
@@ -187,7 +187,7 @@
         const setMessage = msg => messageDiv.textContent = msg, clearMessage = () => messageDiv.textContent = '',
             // 禁用/启用表单控件
             setFormDisabled = disabled => {
-                const inputs = [tokenInput, backupCodeInput, verifyTotpBtn, submitBackupBtn, retryHardwareBtn];
+                const inputs = [totpInput, backupCodeInput, verifyTotpBtn, submitBackupBtn, retryHardwareBtn];
                 inputs.forEach(el => { if (el) el.disabled = disabled; });
             },
             // 显示备份码面板
@@ -197,25 +197,25 @@
                 backupCodeInput.value = '', backupCodeInput.focus();
             },
             // 统一处理验证响应（TOTP 和备份码共用）
-            handleVerifyResponse = async input => {
-                if (!input) {
+            handleVerifyResponse = async token => {
+                if (!token) {
                     setMessage('请输入验证码/备用码');
                     return false;
                 }
-                const isToken = input.length === 6, isBackup = input.length === 10;
-                if (!isToken && !isBackup) {
+                const totp = token.length === 6, isBackup = token.length === 10;
+                if (!totp && !isBackup) {
                     setMessage('验证码必须为6位数字,备用码为10位');
                     return false;
                 }
                 // 临时禁用提交按钮防止重复请求
-                const activeBtn = isToken ? verifyTotpBtn : submitBackupBtn;
+                const [activeInput, activeBtn] = totp ? [totpInput, verifyTotpBtn] : [backupCodeInput, submitBackupBtn];
                 activeBtn.disabled = true, clearMessage();
                 try {
                     const response = await fetch('/api/verify-2fa', {
                         method: 'POST', headers: { 'Content-Type': 'application/json' },
-                        body: JSON.stringify({ input })
+                        body: JSON.stringify({ token })
                     }), data = await response.json();
                     if (response.ok) {
@@ -233,16 +233,10 @@
                     if (data.remainingAttempts !== undefined) {
                         const failuresSoFar = 9 - data.remainingAttempts;
                         setMessage(`${data.message} (已失败 ${failuresSoFar} 次)`);
-                        if (failuresSoFar >= maxNum && isToken) showBackupPanel(`连续失败 ${failuresSoFar} 次,请使用备用码登录`);
+                        if (failuresSoFar >= maxNum && totp) showBackupPanel(`连续失败 ${failuresSoFar} 次,请使用备用码登录`);
                     }
                     else setMessage(data.message);
-                    // 清空输入框,准备下次尝试
-                    tokenInput?.value = '', backupCodeInput?.value = '', activeBtn.disabled = false;
-                    // 判断焦点归属
-                    if (isBackup) backupCodeInput.focus();
-                    else if (isToken) tokenInput.focus();
+                    activeInput.value = '', activeInput.focus(), activeBtn.disabled = false;
                     return false;
                 } catch (err) {
                     setMessage(err.message), activeBtn.disabled = false;
@@ -250,7 +244,7 @@
                 }
             },
             // TOTP验证和备份码提交入口
-            performTotpVerification = () => handleVerifyResponse(tokenInput.value.trim()),
+            performTotpVerification = () => handleVerifyResponse(totpInput.value.trim()),
             submitBackupCode = () => handleVerifyResponse(backupCodeInput.value.trim()),
             // 硬件验证核心
             performHardwareVerification = async () => {
@@ -305,7 +299,7 @@
                 backupPanel.hidden = true;
                 if (method === 'webauthn')
                     totpSection.hidden = true, webauthnSection.hidden = false, performHardwareVerification().catch(e => console.warn(e));
-                else totpSection.hidden = false, webauthnSection.hidden = true, tokenInput.maxLength = 6, tokenInput.focus();
+                else totpSection.hidden = false, webauthnSection.hidden = true, totpInput.focus();
                 // 事件监听
                 submitBackupBtn.addEventListener('click', submitBackupCode);
@@ -313,10 +307,10 @@
                 backupCodeInput.addEventListener('keypress', e => {
                     if (e.key === 'Enter') submitBackupCode();
                 });
-                tokenInput.addEventListener('keypress', e => {
+                totpInput.addEventListener('keypress', e => {
                     if (e.key === 'Enter') performTotpVerification();
                 });
-                [backupCodeInput, tokenInput].forEach(el => el.addEventListener('input', clearMessage));
+                [backupCodeInput, totpInput].forEach(el => el.addEventListener('input', clearMessage));
             };
         initPage();