Fix: get host url schema error

internal/email/email.go

@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
+	"strings"
 	"text/template"
 	"time"
 
@@ -119,8 +120,9 @@ type captchaPayload struct {
 }
 
 type retrievePasswordPayload struct {
-	Host string
+	Captcha string
-	Url  string
+	Host    string
+	Url     string
 
 	Year int
 }
@@ -293,16 +295,22 @@ func SendRetrievePasswordCaptchaEmail(userID, email, host string) error {
 	if userID == "" {
 		return errors.New("user id is empty")
 	}
-
 	if email == "" {
 		return errors.New("email is empty")
 	}
+	if host == "" {
+		return errors.New("host is empty")
+	}
+	if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") {
+		log.Errorf("host: %s must start with http:// or https://", host)
+		return errors.New("get host error")
+	}
 
 	u, err := url.Parse(host)
 	if err != nil {
 		return err
 	}
-	u.Path = `/web/auth/reset`
+	u.Path = `web/auth/reset`
 
 	pool, err := getSmtpPool()
 	if err != nil {
@@ -318,16 +326,17 @@ func SendRetrievePasswordCaptchaEmail(userID, email, host string) error {
 		entry.SetExpiration(time.Now().Add(time.Minute * 5))
 	}
 
-	q := u.Query()
+	q := url.Values{}
 	q.Set("captcha", entry.Value())
 	q.Set("email", email)
 	u.RawQuery = q.Encode()
 
 	out := bytes.NewBuffer(nil)
 	err = retrievePasswordTemplate.Execute(out, retrievePasswordPayload{
-		Host: host,
+		Captcha: entry.Value(),
-		Url:  u.String(),
+		Host:    host,
-		Year: time.Now().Year(),
+		Url:     u.String(),
+		Year:    time.Now().Year(),
 	})
 	if err != nil {
 		return err

internal/email/template/retrieve_password.mjml

@@ -22,8 +22,10 @@
         <mj-section padding="10px" padding-left="0px" padding-right="0px" background-color="#f3f4f6"
             border-radius=".75rem">
             <mj-column>
-                <mj-text font-size="18px" font-weight="600">忘记密码：</mj-text>
+                <mj-text font-size="18px" font-weight="600">忘记密码？</mj-text>
-                <mj-text css-class="indent">Hi! 你在 SyncTV 中提交了重置密码的请求，请前往修改：</mj-text>
+                <mj-text css-class="indent">Hi! 你在 SyncTV 中提交了重置密码的请求</mj-text>
+                <mj-text css-class="indent">你的验证码为：</mj-text>
+                <mj-text css-class="code" color="#2563eb" align="center" font-size="40px">{{ .Captcha }}</mj-text>
                 <mj-button background-color="#2563eb" color="#ffffff" href="{{ .Url }}">前往站点修改</mj-button>
                 <mj-text css-class="indent" font-family="MiSans">该验证码有效期为5分钟，如果您并没有访问过我们的网站，或没有进行上述操作，请忽略这封邮件。</mj-text>
             </mj-column>

server/handlers/init.go

@@ -1,6 +1,10 @@
 package handlers
 
 import (
+	"errors"
+	"net/url"
+	"strings"
+
 	"github.com/gin-gonic/gin"
 	"github.com/synctv-org/synctv/internal/model"
 	"github.com/synctv-org/synctv/internal/settings"
@@ -17,6 +21,16 @@ var (
 		"host",
 		"",
 		model.SettingGroupServer,
+		settings.WithValidatorString(func(s string) error {
+			if s == "" {
+				return nil
+			}
+			if !strings.HasPrefix(s, "http://") && !strings.HasPrefix(s, "https://") {
+				return errors.New("host must start with http:// or https://")
+			}
+			_, err := url.Parse(s)
+			return err
+		}),
 	)
 )
 

server/handlers/user.go

@@ -3,6 +3,7 @@ package handlers
 import (
 	"math/rand"
 	"net/http"
+	"net/url"
 	"strings"
 	"time"
 
@@ -505,7 +506,10 @@ func SendUserRetrievePasswordEmailCaptcha(ctx *gin.Context) {
 
 	host := HOST.Get()
 	if host == "" {
-		host = ctx.Request.Host
+		host = (&url.URL{
+			Scheme: "http",
+			Host:   ctx.Request.Host,
+		}).String()
 	}
 	if host == "" {
 		log.Error("failed to get host on send retrieve password email")