Password Reset
Provides a complete "forgot password → email link → set new password" flow, balancing security and usability.
Goals:
- Do not reveal whether an account exists (return a uniform response in every case)
- Tokens are single-use with a short expiry (default: 30 minutes)
- Rate limiting and audit logging
- Invalidate existing sessions and tokens after a successful reset
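/// Changes the password of user `uid` after verifying the supplied current password.
///
/// The caller must present the current password in `arg.old_password`; when it
/// verifies against the stored hash, `arg.new_password` is hashed and persisted
/// for the user.
///
/// # Errors
/// Returns `"Password Error"` both when the user cannot be loaded and when the old
/// password does not verify, so the response does not reveal whether the account
/// exists. A password-hashing failure is reported as `"Password Hash Error"`
/// instead of panicking; database errors from the update are propagated with `?`.
pub async fn reset_password(uid: i64, arg: ResetPasswordParams) -> Result<String> {
    let db = DB().await;

    // Uniform failure message: a missing account and a wrong password must be
    // indistinguishable to the caller.
    let user = SysUserModel::find_by_id(uid)
        .await
        .ok_or("Password Error")?;

    if !util::verify_password(&arg.old_password, user.password.as_str()) {
        return Err("Password Error".into());
    }

    // Hashing can fail; surface that as an error rather than panicking the task.
    let new_password = util::hash_password(&arg.new_password)
        .map_err(|_| "Password Hash Error")?;

    let mut user_active: sys_user::ActiveModel = user.into();
    user_active.password = Set(new_password);
    user_active.update(db).await?;

    // NOTE(review): existing sessions/tokens are not invalidated here, although the
    // surrounding documentation lists that as a goal — confirm whether the caller
    // is expected to do it.
    Ok("Success".into())
}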