From 9f1bc9c0ce1638d48820793fbbecf736903cad77 Mon Sep 17 00:00:00 2001
From: JetSprow <jetsprow@example.com>
Date: Wed, 29 Apr 2026 15:20:23 +1000
Subject: [PATCH] fix: respect email verification setting

---
 prisma/schema.prisma                             | 2 +-
 src/actions/admin/users.ts                       | 2 +-
 src/app/(admin)/admin/settings/settings-form.tsx | 2 +-
 src/app/api/auth/register/route.ts               | 9 ++++++++-
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index 82c19ba..b96e2c4 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -133,7 +133,7 @@ enum SupportTicketPriority {
 model User {
   id              String     @id @default(cuid())
   email           String     @unique
-  emailVerifiedAt DateTime?  @default(now())
+  emailVerifiedAt DateTime?
   password        String
   name            String?
   role            Role       @default(USER)
diff --git a/src/actions/admin/users.ts b/src/actions/admin/users.ts
index b83bfd0..d46df24 100644
--- a/src/actions/admin/users.ts
+++ b/src/actions/admin/users.ts
@@ -26,7 +26,7 @@ export async function createUser(formData: FormData) {
   const data = createUserSchema.parse(Object.fromEntries(formData));
   const hashed = await bcrypt.hash(data.password, 12);
   const user = await prisma.user.create({
-    data: { email: data.email, password: hashed, name: data.name || null, role: data.role },
+    data: { email: data.email, emailVerifiedAt: new Date(), password: hashed, name: data.name || null, role: data.role },
   });
   await recordAuditLog({
     actor: actorFromSession(session),
diff --git a/src/app/(admin)/admin/settings/settings-form.tsx b/src/app/(admin)/admin/settings/settings-form.tsx
index 841e4aa..787d0f2 100644
--- a/src/app/(admin)/admin/settings/settings-form.tsx
+++ b/src/app/(admin)/admin/settings/settings-form.tsx
@@ -230,7 +230,7 @@ export function SettingsForm({ config, coupons }: { config: AppConfig; coupons:
               <option value="false">关闭</option>
               <option value="true">开启，注册后必须验证邮箱</option>
             </select>
-            <p className="text-xs leading-5 text-muted-foreground">开启后，新用户注册会先收到验证邮件，完成验证后才能登录。</p>
+            <p className="text-xs leading-5 text-muted-foreground">开启后，新用户注册会先收到验证邮件，完成验证后才能登录；关闭后注册成功即可登录。</p>
           </div>
         </div>
       </section>
diff --git a/src/app/api/auth/register/route.ts b/src/app/api/auth/register/route.ts
index 9a05b33..5342448 100644
--- a/src/app/api/auth/register/route.ts
+++ b/src/app/api/auth/register/route.ts
@@ -5,7 +5,7 @@ import { z } from "zod";
 import { getAppConfig } from "@/services/app-config";
 import { verifyTurnstile } from "@/lib/turnstile";
 import { rateLimit } from "@/lib/rate-limit";
-import { normalizeEmailAddress, sendRegistrationVerificationEmail } from "@/services/email";
+import { isSmtpConfigured, normalizeEmailAddress, sendRegistrationVerificationEmail } from "@/services/email";
 
 const schema = z.object({
   email: z.string().email("邮箱格式不正确"),
@@ -52,6 +52,13 @@ export async function POST(req: Request) {
   const email = normalizeEmailAddress(parsed.data.email);
   const config = await getAppConfig();
 
+  if (config.emailVerificationRequired && !isSmtpConfigured(config)) {
+    return NextResponse.json(
+      { error: "注册暂不可用：管理员已开启邮箱验证，但站点尚未配置 SMTP 邮件服务，无法发送验证邮件" },
+      { status: 503 },
+    );
+  }
+
   if (config.turnstileSecretKey) {
     if (!turnstileToken || !(await verifyTurnstile(turnstileToken, config.turnstileSecretKey))) {
       return NextResponse.json({ error: "人机验证失败：Turnstile token 缺失、已过期或校验未通过" }, { status: 403 });