diff --git a/backend/internal/handler/auth_handler.go b/backend/internal/handler/auth_handler.go
index e0078e14..b277ff65 100644
--- a/backend/internal/handler/auth_handler.go
+++ b/backend/internal/handler/auth_handler.go
@@ -113,8 +113,7 @@ func (h *AuthHandler) Register(c *gin.Context) {
return
}
- // Turnstile 验证 — 始终执行,防止绕过
- // TODO: 确认前端在提交邮箱验证码注册时也传递了 turnstile_token
+ // Turnstile 验证 — 始终执行,防止机器人自动化注册
if err := h.authService.VerifyTurnstile(c.Request.Context(), req.TurnstileToken, ip.GetClientIP(c)); err != nil {
response.ErrorFrom(c, err)
return
diff --git a/frontend/src/views/auth/EmailVerifyView.vue b/frontend/src/views/auth/EmailVerifyView.vue
index 7f797eb4..63974867 100644
--- a/frontend/src/views/auth/EmailVerifyView.vue
+++ b/frontend/src/views/auth/EmailVerifyView.vue
@@ -69,6 +69,20 @@
+
+
+
+
+ {{ errors.submitTurnstile }}
+
+
-