fix: improve login error handling to distinguish database errors from auth failures

ValidateAndFill now checks the DB query result and returns sentinel errors
(ErrDatabase, ErrInvalidCredentials, ErrUserEmptyCredentials) instead of
hardcoded Chinese strings. The controller maps each sentinel to the
appropriate i18n message, so users see "please contact admin" on DB errors
instead of a misleading "wrong password" message. Non-DB errors still
return a unified vague response to avoid leaking user existence.
This commit is contained in:
CaIon
2026-04-12 17:11:20 +08:00
parent ed7f839911
commit 2819e3a1d1
5 changed files with 28 additions and 11 deletions
+1 -1
View File
@@ -2,7 +2,7 @@
# Common messages
common.invalid_params: "Invalid parameters"
common.database_error: "Database error, please try again later"
common.database_error: "Database error, please contact the administrator"
common.retry_later: "Please try again later"
common.generate_failed: "Generation failed"
common.not_found: "Not found"