feat: add email verification code for registration and optimize email service

- Add POST /user/email/code endpoint to send 6-digit verification code
- Require email code verification before completing registration
- Add email code cache with 10min TTL and 5/day send rate limit
- Fix nil client guard, TLS conn leak, domain parsing, and Resend error body in email pkg
- Deploy via ssh inline command using current branch

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

internal/model/user/user.go

@@ -23,9 +23,16 @@ type UserInfoResponse struct {
 	Email    string `json:"email"`
 }
 
+type EmailCodeSendRequest struct {
+	Email string `json:"email" binding:"required,email"`
+}
+
+type EmailCodeSendResponse struct{}
+
 type EmailRegisterRequest struct {
 	Email    string `json:"email" binding:"required,email"`
 	Password string `json:"password" binding:"required,min=6"`
+	Code     string `json:"code" binding:"required"`
 }
 
 type EmailRegisterResponse struct {

internal/service/user_service.go

@@ -14,6 +14,7 @@ import (
 	"gitea.com/texpixel/document_ai/internal/storage/cache"
 	"gitea.com/texpixel/document_ai/internal/storage/dao"
 	"gitea.com/texpixel/document_ai/pkg/common"
+	"gitea.com/texpixel/document_ai/pkg/email"
 	"gitea.com/texpixel/document_ai/pkg/log"
 	"gitea.com/texpixel/document_ai/pkg/sms"
 	"golang.org/x/crypto/bcrypt"
@@ -115,14 +116,52 @@ func (svc *UserService) GetUserInfo(ctx context.Context, uid int64) (*dao.User,
 	return user, nil
 }
 
-func (svc *UserService) RegisterByEmail(ctx context.Context, email, password string) (uid int64, err error) {
-	existingUser, err := svc.userDao.GetByEmail(dao.DB.WithContext(ctx), email)
+func (svc *UserService) SendEmailCode(ctx context.Context, emailAddr string) error {
+	limit, err := cache.GetUserSendEmailLimit(ctx, emailAddr)
+	if err != nil {
+		log.Error(ctx, "func", "SendEmailCode", "msg", "get send email limit error", "error", err)
+		return err
+	}
+	if limit >= cache.UserSendEmailLimitCount {
+		return common.ErrEmailSendLimit
+	}
+
+	code := fmt.Sprintf("%06d", rand.Intn(1000000))
+
+	subject := "TexPixel 邮箱验证码"
+	body := fmt.Sprintf(`<p>您的验证码为：<strong>%s</strong>，10分钟内有效，请勿泄露。</p>`, code)
+	if err = email.Send(ctx, emailAddr, subject, body); err != nil {
+		log.Error(ctx, "func", "SendEmailCode", "msg", "send email error", "error", err)
+		return err
+	}
+
+	if cacheErr := cache.SetUserEmailCode(ctx, emailAddr, code); cacheErr != nil {
+		log.Error(ctx, "func", "SendEmailCode", "msg", "set email code error", "error", cacheErr)
+	}
+	if cacheErr := cache.SetUserSendEmailLimit(ctx, emailAddr); cacheErr != nil {
+		log.Error(ctx, "func", "SendEmailCode", "msg", "set send email limit error", "error", cacheErr)
+	}
+	return nil
+}
+
+func (svc *UserService) RegisterByEmail(ctx context.Context, emailAddr, password, code string) (uid int64, err error) {
+	storedCode, err := cache.GetUserEmailCode(ctx, emailAddr)
+	if err != nil {
+		log.Error(ctx, "func", "RegisterByEmail", "msg", "get email code error", "error", err)
+		return 0, err
+	}
+	if storedCode == "" || storedCode != code {
+		log.Warn(ctx, "func", "RegisterByEmail", "msg", "invalid email code", "email", emailAddr)
+		return 0, common.ErrEmailCodeError
+	}
+
+	existingUser, err := svc.userDao.GetByEmail(dao.DB.WithContext(ctx), emailAddr)
 	if err != nil {
 		log.Error(ctx, "func", "RegisterByEmail", "msg", "get user by email error", "error", err)
 		return 0, err
 	}
 	if existingUser != nil {
-		log.Warn(ctx, "func", "RegisterByEmail", "msg", "email already registered", "email", email)
+		log.Warn(ctx, "func", "RegisterByEmail", "msg", "email already registered", "email", emailAddr)
 		return 0, common.ErrEmailExists
 	}
 
@@ -133,15 +172,18 @@ func (svc *UserService) RegisterByEmail(ctx context.Context, email, password str
 	}
 
 	user := &dao.User{
-		Email:    email,
+		Email:    emailAddr,
 		Password: string(hashedPassword),
 	}
-	err = svc.userDao.Create(dao.DB.WithContext(ctx), user)
-	if err != nil {
+	if err = svc.userDao.Create(dao.DB.WithContext(ctx), user); err != nil {
 		log.Error(ctx, "func", "RegisterByEmail", "msg", "create user error", "error", err)
 		return 0, err
 	}
 
+	if cacheErr := cache.DeleteUserEmailCode(ctx, emailAddr); cacheErr != nil {
+		log.Error(ctx, "func", "RegisterByEmail", "msg", "delete email code error", "error", cacheErr)
+	}
+
 	return user.ID, nil
 }
 

internal/storage/cache/user.go

@@ -61,3 +61,56 @@ func SetUserSendSmsLimit(ctx context.Context, phone string) error {
 func DeleteUserSmsCode(ctx context.Context, phone string) error {
 	return RedisClient.Del(ctx, fmt.Sprintf(UserSmsCodePrefix, phone)).Err()
 }
+
+const (
+	UserEmailCodeTTL        = 10 * time.Minute
+	UserSendEmailLimitTTL   = 24 * time.Hour
+	UserSendEmailLimitCount = 5
+)
+
+const (
+	UserEmailCodePrefix = "user:email_code:%s"
+	UserSendEmailLimit  = "user:send_email_limit:%s"
+)
+
+func GetUserEmailCode(ctx context.Context, email string) (string, error) {
+	code, err := RedisClient.Get(ctx, fmt.Sprintf(UserEmailCodePrefix, email)).Result()
+	if err != nil {
+		if err == redis.Nil {
+			return "", nil
+		}
+		return "", err
+	}
+	return code, nil
+}
+
+func SetUserEmailCode(ctx context.Context, email, code string) error {
+	return RedisClient.Set(ctx, fmt.Sprintf(UserEmailCodePrefix, email), code, UserEmailCodeTTL).Err()
+}
+
+func DeleteUserEmailCode(ctx context.Context, email string) error {
+	return RedisClient.Del(ctx, fmt.Sprintf(UserEmailCodePrefix, email)).Err()
+}
+
+func GetUserSendEmailLimit(ctx context.Context, email string) (int, error) {
+	limit, err := RedisClient.Get(ctx, fmt.Sprintf(UserSendEmailLimit, email)).Result()
+	if err != nil {
+		if err == redis.Nil {
+			return 0, nil
+		}
+		return 0, err
+	}
+	return strconv.Atoi(limit)
+}
+
+func SetUserSendEmailLimit(ctx context.Context, email string) error {
+	key := fmt.Sprintf(UserSendEmailLimit, email)
+	count, err := RedisClient.Incr(ctx, key).Result()
+	if err != nil {
+		return err
+	}
+	if count > UserSendEmailLimitCount {
+		return errors.New("send email limit")
+	}
+	return RedisClient.Expire(ctx, key, UserSendEmailLimitTTL).Err()
+}