fix(api/verification): validate purpose parameter

Add validation for the 'purpose' parameter in verification code requests
to ensure only allowed values are accepted.

Valid purposes: register, login, reset_password, bind
Invalid purposes will be rejected with 400 Bad Request.

api/verification/send.go

@@ -43,6 +43,17 @@ func sendCode(x *vigo.X, req *SendRequest) (*SendResponse, error) {
 		req.Purpose = models.CodePurposeLogin
 	}
 
+	// 验证用途是否合法
+	validPurposes := map[string]bool{
+		models.CodePurposeRegister:      true,
+		models.CodePurposeLogin:         true,
+		models.CodePurposeResetPassword: true,
+		models.CodePurposeBind:          true,
+	}
+	if !validPurposes[req.Purpose] {
+		return nil, vigo.ErrInvalidArg.WithString("invalid purpose")
+	}
+
 	db := cfg.DB()
 
 	// 检查发送频率限制