Wei-Shaw · Zerek-Cheng · Apr 17, 2026 · Apr 17, 2026
diff --git a/backend/cmd/server/VERSION b/backend/cmd/server/VERSION
@@ -1 +1 @@
-0.1.114
+0.1.114-2
diff --git a/backend/internal/handler/admin/setting_handler.go b/backend/internal/handler/admin/setting_handler.go
@@ -110,6 +110,7 @@ func (h *SettingHandler) GetSettings(c *gin.Context) {
 		SMTPFrom:                             settings.SMTPFrom,
 		SMTPFromName:                         settings.SMTPFromName,
 		SMTPUseTLS:                           settings.SMTPUseTLS,
+		SMTPSkipTLSVerify:                    settings.SMTPSkipTLSVerify,
 		TurnstileEnabled:                     settings.TurnstileEnabled,
 		TurnstileSiteKey:                     settings.TurnstileSiteKey,
 		TurnstileSecretKeyConfigured:         settings.TurnstileSecretKeyConfigured,
@@ -216,13 +217,14 @@ type UpdateSettingsRequest struct {
 	TotpEnabled                      bool     `json:"totp_enabled"` // TOTP 双因素认证
 
 	// 邮件服务设置
-	SMTPHost     string `json:"smtp_host"`
-	SMTPPort     int    `json:"smtp_port"`
-	SMTPUsername string `json:"smtp_username"`
-	SMTPPassword string `json:"smtp_password"`
-	SMTPFrom     string `json:"smtp_from_email"`
-	SMTPFromName string `json:"smtp_from_name"`
-	SMTPUseTLS   bool   `json:"smtp_use_tls"`
+	SMTPHost          string `json:"smtp_host"`
+	SMTPPort          int    `json:"smtp_port"`
+	SMTPUsername      string `json:"smtp_username"`
+	SMTPPassword      string `json:"smtp_password"`
+	SMTPFrom          string `json:"smtp_from_email"`
+	SMTPFromName      string `json:"smtp_from_name"`
+	SMTPUseTLS        bool   `json:"smtp_use_tls"`
+	SMTPSkipTLSVerify *bool  `json:"smtp_skip_tls_verify"`
 
 	// Cloudflare Turnstile 设置
 	TurnstileEnabled   bool   `json:"turnstile_enabled"`
@@ -391,6 +393,7 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
 		req.SMTPFrom = previousSettings.SMTPFrom
 		req.SMTPFromName = previousSettings.SMTPFromName
 		req.SMTPUseTLS = previousSettings.SMTPUseTLS
+		req.SMTPSkipTLSVerify = &previousSettings.SMTPSkipTLSVerify
 	}
 
 	// Turnstile 参数验证
@@ -798,63 +801,69 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
 		SMTPFrom:                         req.SMTPFrom,
 		SMTPFromName:                     req.SMTPFromName,
 		SMTPUseTLS:                       req.SMTPUseTLS,
-		TurnstileEnabled:                 req.TurnstileEnabled,
-		TurnstileSiteKey:                 req.TurnstileSiteKey,
-		TurnstileSecretKey:               req.TurnstileSecretKey,
-		LinuxDoConnectEnabled:            req.LinuxDoConnectEnabled,
-		LinuxDoConnectClientID:           req.LinuxDoConnectClientID,
-		LinuxDoConnectClientSecret:       req.LinuxDoConnectClientSecret,
-		LinuxDoConnectRedirectURL:        req.LinuxDoConnectRedirectURL,
-		OIDCConnectEnabled:               req.OIDCConnectEnabled,
-		OIDCConnectProviderName:          req.OIDCConnectProviderName,
-		OIDCConnectClientID:              req.OIDCConnectClientID,
-		OIDCConnectClientSecret:          req.OIDCConnectClientSecret,
-		OIDCConnectIssuerURL:             req.OIDCConnectIssuerURL,
-		OIDCConnectDiscoveryURL:          req.OIDCConnectDiscoveryURL,
-		OIDCConnectAuthorizeURL:          req.OIDCConnectAuthorizeURL,
-		OIDCConnectTokenURL:              req.OIDCConnectTokenURL,
-		OIDCConnectUserInfoURL:           req.OIDCConnectUserInfoURL,
-		OIDCConnectJWKSURL:               req.OIDCConnectJWKSURL,
-		OIDCConnectScopes:                req.OIDCConnectScopes,
-		OIDCConnectRedirectURL:           req.OIDCConnectRedirectURL,
-		OIDCConnectFrontendRedirectURL:   req.OIDCConnectFrontendRedirectURL,
-		OIDCConnectTokenAuthMethod:       req.OIDCConnectTokenAuthMethod,
-		OIDCConnectUsePKCE:               req.OIDCConnectUsePKCE,
-		OIDCConnectValidateIDToken:       req.OIDCConnectValidateIDToken,
-		OIDCConnectAllowedSigningAlgs:    req.OIDCConnectAllowedSigningAlgs,
-		OIDCConnectClockSkewSeconds:      req.OIDCConnectClockSkewSeconds,
-		OIDCConnectRequireEmailVerified:  req.OIDCConnectRequireEmailVerified,
-		OIDCConnectUserInfoEmailPath:     req.OIDCConnectUserInfoEmailPath,
-		OIDCConnectUserInfoIDPath:        req.OIDCConnectUserInfoIDPath,
-		OIDCConnectUserInfoUsernamePath:  req.OIDCConnectUserInfoUsernamePath,
-		SiteName:                         req.SiteName,
-		SiteLogo:                         req.SiteLogo,
-		SiteSubtitle:                     req.SiteSubtitle,
-		APIBaseURL:                       req.APIBaseURL,
-		ContactInfo:                      req.ContactInfo,
-		DocURL:                           req.DocURL,
-		HomeContent:                      req.HomeContent,
-		HideCcsImportButton:              req.HideCcsImportButton,
-		PurchaseSubscriptionEnabled:      purchaseEnabled,
-		PurchaseSubscriptionURL:          purchaseURL,
-		TableDefaultPageSize:             req.TableDefaultPageSize,
-		TablePageSizeOptions:             req.TablePageSizeOptions,
-		CustomMenuItems:                  customMenuJSON,
-		CustomEndpoints:                  customEndpointsJSON,
-		DefaultConcurrency:               req.DefaultConcurrency,
-		DefaultBalance:                   req.DefaultBalance,
-		DefaultSubscriptions:             defaultSubscriptions,
-		EnableModelFallback:              req.EnableModelFallback,
-		FallbackModelAnthropic:           req.FallbackModelAnthropic,
-		FallbackModelOpenAI:              req.FallbackModelOpenAI,
-		FallbackModelGemini:              req.FallbackModelGemini,
-		FallbackModelAntigravity:         req.FallbackModelAntigravity,
-		EnableIdentityPatch:              req.EnableIdentityPatch,
-		IdentityPatchPrompt:              req.IdentityPatchPrompt,
-		MinClaudeCodeVersion:             req.MinClaudeCodeVersion,
-		MaxClaudeCodeVersion:             req.MaxClaudeCodeVersion,
-		AllowUngroupedKeyScheduling:      req.AllowUngroupedKeyScheduling,
-		BackendModeEnabled:               req.BackendModeEnabled,
+		SMTPSkipTLSVerify: func() bool {
+			if req.SMTPSkipTLSVerify != nil {
+				return *req.SMTPSkipTLSVerify
+			}
+			return previousSettings.SMTPSkipTLSVerify
+		}(),
+		TurnstileEnabled:                req.TurnstileEnabled,
+		TurnstileSiteKey:                req.TurnstileSiteKey,
+		TurnstileSecretKey:              req.TurnstileSecretKey,
+		LinuxDoConnectEnabled:           req.LinuxDoConnectEnabled,
+		LinuxDoConnectClientID:          req.LinuxDoConnectClientID,
+		LinuxDoConnectClientSecret:      req.LinuxDoConnectClientSecret,
+		LinuxDoConnectRedirectURL:       req.LinuxDoConnectRedirectURL,
+		OIDCConnectEnabled:              req.OIDCConnectEnabled,
+		OIDCConnectProviderName:         req.OIDCConnectProviderName,
+		OIDCConnectClientID:             req.OIDCConnectClientID,
+		OIDCConnectClientSecret:         req.OIDCConnectClientSecret,
+		OIDCConnectIssuerURL:            req.OIDCConnectIssuerURL,
+		OIDCConnectDiscoveryURL:         req.OIDCConnectDiscoveryURL,
+		OIDCConnectAuthorizeURL:         req.OIDCConnectAuthorizeURL,
+		OIDCConnectTokenURL:             req.OIDCConnectTokenURL,
+		OIDCConnectUserInfoURL:          req.OIDCConnectUserInfoURL,
+		OIDCConnectJWKSURL:              req.OIDCConnectJWKSURL,
+		OIDCConnectScopes:               req.OIDCConnectScopes,
+		OIDCConnectRedirectURL:          req.OIDCConnectRedirectURL,
+		OIDCConnectFrontendRedirectURL:  req.OIDCConnectFrontendRedirectURL,
+		OIDCConnectTokenAuthMethod:      req.OIDCConnectTokenAuthMethod,
+		OIDCConnectUsePKCE:              req.OIDCConnectUsePKCE,
+		OIDCConnectValidateIDToken:      req.OIDCConnectValidateIDToken,
+		OIDCConnectAllowedSigningAlgs:   req.OIDCConnectAllowedSigningAlgs,
+		OIDCConnectClockSkewSeconds:     req.OIDCConnectClockSkewSeconds,
+		OIDCConnectRequireEmailVerified: req.OIDCConnectRequireEmailVerified,
+		OIDCConnectUserInfoEmailPath:    req.OIDCConnectUserInfoEmailPath,
+		OIDCConnectUserInfoIDPath:       req.OIDCConnectUserInfoIDPath,
+		OIDCConnectUserInfoUsernamePath: req.OIDCConnectUserInfoUsernamePath,
+		SiteName:                        req.SiteName,
+		SiteLogo:                        req.SiteLogo,
+		SiteSubtitle:                    req.SiteSubtitle,
+		APIBaseURL:                      req.APIBaseURL,
+		ContactInfo:                     req.ContactInfo,
+		DocURL:                          req.DocURL,
+		HomeContent:                     req.HomeContent,
+		HideCcsImportButton:             req.HideCcsImportButton,
+		PurchaseSubscriptionEnabled:     purchaseEnabled,
+		PurchaseSubscriptionURL:         purchaseURL,
+		TableDefaultPageSize:            req.TableDefaultPageSize,
+		TablePageSizeOptions:            req.TablePageSizeOptions,
+		CustomMenuItems:                 customMenuJSON,
+		CustomEndpoints:                 customEndpointsJSON,
+		DefaultConcurrency:              req.DefaultConcurrency,
+		DefaultBalance:                  req.DefaultBalance,
+		DefaultSubscriptions:            defaultSubscriptions,
+		EnableModelFallback:             req.EnableModelFallback,
+		FallbackModelAnthropic:          req.FallbackModelAnthropic,
+		FallbackModelOpenAI:             req.FallbackModelOpenAI,
+		FallbackModelGemini:             req.FallbackModelGemini,
+		FallbackModelAntigravity:        req.FallbackModelAntigravity,
+		EnableIdentityPatch:             req.EnableIdentityPatch,
+		IdentityPatchPrompt:             req.IdentityPatchPrompt,
+		MinClaudeCodeVersion:            req.MinClaudeCodeVersion,
+		MaxClaudeCodeVersion:            req.MaxClaudeCodeVersion,
+		AllowUngroupedKeyScheduling:     req.AllowUngroupedKeyScheduling,
+		BackendModeEnabled:              req.BackendModeEnabled,
 		OpsMonitoringEnabled: func() bool {
 			if req.OpsMonitoringEnabled != nil {
 				return *req.OpsMonitoringEnabled
@@ -1011,6 +1020,7 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
 		SMTPFrom:                             updatedSettings.SMTPFrom,
 		SMTPFromName:                         updatedSettings.SMTPFromName,
 		SMTPUseTLS:                           updatedSettings.SMTPUseTLS,
+		SMTPSkipTLSVerify:                    updatedSettings.SMTPSkipTLSVerify,
 		TurnstileEnabled:                     updatedSettings.TurnstileEnabled,
 		TurnstileSiteKey:                     updatedSettings.TurnstileSiteKey,
 		TurnstileSecretKeyConfigured:         updatedSettings.TurnstileSecretKeyConfigured,
@@ -1184,6 +1194,9 @@ func diffSettings(before *service.SystemSettings, after *service.SystemSettings,
 	if before.SMTPUseTLS != after.SMTPUseTLS {
 		changed = append(changed, "smtp_use_tls")
 	}
+	if before.SMTPSkipTLSVerify != after.SMTPSkipTLSVerify {
+		changed = append(changed, "smtp_skip_tls_verify")
+	}
 	if before.TurnstileEnabled != after.TurnstileEnabled {
 		changed = append(changed, "turnstile_enabled")
 	}
@@ -1462,11 +1475,12 @@ func equalNotifyEmailEntries(a, b []service.NotifyEmailEntry) bool {
 
 // TestSMTPRequest 测试SMTP连接请求
 type TestSMTPRequest struct {
-	SMTPHost     string `json:"smtp_host"`
-	SMTPPort     int    `json:"smtp_port"`
-	SMTPUsername string `json:"smtp_username"`
-	SMTPPassword string `json:"smtp_password"`
-	SMTPUseTLS   bool   `json:"smtp_use_tls"`
+	SMTPHost          string `json:"smtp_host"`
+	SMTPPort          int    `json:"smtp_port"`
+	SMTPUsername      string `json:"smtp_username"`
+	SMTPPassword      string `json:"smtp_password"`
+	SMTPUseTLS        bool   `json:"smtp_use_tls"`
+	SMTPSkipTLSVerify *bool  `json:"smtp_skip_tls_verify"`
 }
 
 // TestSMTPConnection 测试SMTP连接
@@ -1499,6 +1513,9 @@ func (h *SettingHandler) TestSMTPConnection(c *gin.Context) {
 	if req.SMTPUsername == "" && savedConfig != nil {
 		req.SMTPUsername = savedConfig.Username
 	}
+	if req.SMTPSkipTLSVerify == nil && savedConfig != nil {
+		req.SMTPSkipTLSVerify = &savedConfig.SkipTLSVerify
+	}
 	password := strings.TrimSpace(req.SMTPPassword)
 	if password == "" && savedConfig != nil {
 		password = savedConfig.Password
@@ -1509,11 +1526,12 @@ func (h *SettingHandler) TestSMTPConnection(c *gin.Context) {
 	}
 
 	config := &service.SMTPConfig{
-		Host:     req.SMTPHost,
-		Port:     req.SMTPPort,
-		Username: req.SMTPUsername,
-		Password: password,
-		UseTLS:   req.SMTPUseTLS,
+		Host:          req.SMTPHost,
+		Port:          req.SMTPPort,
+		Username:      req.SMTPUsername,
+		Password:      password,
+		UseTLS:        req.SMTPUseTLS,
+		SkipTLSVerify: req.SMTPSkipTLSVerify != nil && *req.SMTPSkipTLSVerify,
 	}
 
 	err := h.emailService.TestSMTPConnectionWithConfig(config)
@@ -1527,14 +1545,15 @@ func (h *SettingHandler) TestSMTPConnection(c *gin.Context) {
 
 // SendTestEmailRequest 发送测试邮件请求
 type SendTestEmailRequest struct {
-	Email        string `json:"email" binding:"required,email"`
-	SMTPHost     string `json:"smtp_host"`
-	SMTPPort     int    `json:"smtp_port"`
-	SMTPUsername string `json:"smtp_username"`
-	SMTPPassword string `json:"smtp_password"`
-	SMTPFrom     string `json:"smtp_from_email"`
-	SMTPFromName string `json:"smtp_from_name"`
-	SMTPUseTLS   bool   `json:"smtp_use_tls"`
+	Email             string `json:"email" binding:"required,email"`
+	SMTPHost          string `json:"smtp_host"`
+	SMTPPort          int    `json:"smtp_port"`
+	SMTPUsername      string `json:"smtp_username"`
+	SMTPPassword      string `json:"smtp_password"`
+	SMTPFrom          string `json:"smtp_from_email"`
+	SMTPFromName      string `json:"smtp_from_name"`
+	SMTPUseTLS        bool   `json:"smtp_use_tls"`
+	SMTPSkipTLSVerify *bool  `json:"smtp_skip_tls_verify"`
 }
 
 // SendTestEmail 发送测试邮件
@@ -1569,6 +1588,9 @@ func (h *SettingHandler) SendTestEmail(c *gin.Context) {
 	if req.SMTPUsername == "" && savedConfig != nil {
 		req.SMTPUsername = savedConfig.Username
 	}
+	if req.SMTPSkipTLSVerify == nil && savedConfig != nil {
+		req.SMTPSkipTLSVerify = &savedConfig.SkipTLSVerify
+	}
 	password := strings.TrimSpace(req.SMTPPassword)
 	if password == "" && savedConfig != nil {
 		password = savedConfig.Password
@@ -1585,13 +1607,14 @@ func (h *SettingHandler) SendTestEmail(c *gin.Context) {
 	}
 
 	config := &service.SMTPConfig{
-		Host:     req.SMTPHost,
-		Port:     req.SMTPPort,
-		Username: req.SMTPUsername,
-		Password: password,
-		From:     req.SMTPFrom,
-		FromName: req.SMTPFromName,
-		UseTLS:   req.SMTPUseTLS,
+		Host:          req.SMTPHost,
+		Port:          req.SMTPPort,
+		Username:      req.SMTPUsername,
+		Password:      password,
+		From:          req.SMTPFrom,
+		FromName:      req.SMTPFromName,
+		UseTLS:        req.SMTPUseTLS,
+		SkipTLSVerify: req.SMTPSkipTLSVerify != nil && *req.SMTPSkipTLSVerify,
 	}
 
 	siteName := h.settingService.GetSiteName(c.Request.Context())

diff --git a/backend/internal/handler/dto/settings.go b/backend/internal/handler/dto/settings.go
@@ -41,6 +41,7 @@ type SystemSettings struct {
 	SMTPFrom               string `json:"smtp_from_email"`
 	SMTPFromName           string `json:"smtp_from_name"`
 	SMTPUseTLS             bool   `json:"smtp_use_tls"`
+	SMTPSkipTLSVerify      bool   `json:"smtp_skip_tls_verify"`
 
 	TurnstileEnabled             bool   `json:"turnstile_enabled"`
 	TurnstileSiteKey             string `json:"turnstile_site_key"`

diff --git a/backend/internal/server/api_contract_test.go b/backend/internal/server/api_contract_test.go
@@ -454,13 +454,14 @@ func TestAPIContracts(t *testing.T) {
 					service.SettingKeyRegistrationEmailSuffixWhitelist: "[]",
 					service.SettingKeyPromoCodeEnabled:                 "true",
 
-					service.SettingKeySMTPHost:     "smtp.example.com",
-					service.SettingKeySMTPPort:     "587",
-					service.SettingKeySMTPUsername: "user",
-					service.SettingKeySMTPPassword: "secret",
-					service.SettingKeySMTPFrom:     "no-reply@example.com",
-					service.SettingKeySMTPFromName: "Sub2API",
-					service.SettingKeySMTPUseTLS:   "true",
+					service.SettingKeySMTPHost:          "smtp.example.com",
+					service.SettingKeySMTPPort:          "587",
+					service.SettingKeySMTPUsername:      "user",
+					service.SettingKeySMTPPassword:      "secret",
+					service.SettingKeySMTPFrom:          "no-reply@example.com",
+					service.SettingKeySMTPFromName:      "Sub2API",
+					service.SettingKeySMTPUseTLS:        "true",
+					service.SettingKeySMTPSkipTLSVerify: "false",
 
 					service.SettingKeyTurnstileEnabled:   "true",
 					service.SettingKeyTurnstileSiteKey:   "site-key",
@@ -528,6 +529,7 @@ func TestAPIContracts(t *testing.T) {
 					"smtp_from_email": "no-reply@example.com",
 					"smtp_from_name": "Sub2API",
 					"smtp_use_tls": true,
+					"smtp_skip_tls_verify": false,
 					"turnstile_enabled": true,
 					"turnstile_site_key": "site-key",
 					"turnstile_secret_key_configured": true,

diff --git a/backend/internal/service/domain_constants.go b/backend/internal/service/domain_constants.go
@@ -86,13 +86,14 @@ const (
 	SettingKeyInvitationCodeEnabled            = "invitation_code_enabled"             // 是否启用邀请码注册
 
 	// 邮件服务设置
-	SettingKeySMTPHost     = "smtp_host"      // SMTP服务器地址
-	SettingKeySMTPPort     = "smtp_port"      // SMTP端口
-	SettingKeySMTPUsername = "smtp_username"  // SMTP用户名
-	SettingKeySMTPPassword = "smtp_password"  // SMTP密码（加密存储）
-	SettingKeySMTPFrom     = "smtp_from"      // 发件人地址
-	SettingKeySMTPFromName = "smtp_from_name" // 发件人名称
-	SettingKeySMTPUseTLS   = "smtp_use_tls"   // 是否使用TLS
+	SettingKeySMTPHost          = "smtp_host"            // SMTP服务器地址
+	SettingKeySMTPPort          = "smtp_port"            // SMTP端口
+	SettingKeySMTPUsername      = "smtp_username"        // SMTP用户名
+	SettingKeySMTPPassword      = "smtp_password"        // SMTP密码（加密存储）
+	SettingKeySMTPFrom          = "smtp_from"            // 发件人地址
+	SettingKeySMTPFromName      = "smtp_from_name"       // 发件人名称
+	SettingKeySMTPUseTLS        = "smtp_use_tls"         // 是否使用TLS
+	SettingKeySMTPSkipTLSVerify = "smtp_skip_tls_verify" // 是否跳过 TLS 证书信任校验
 
 	// Cloudflare Turnstile 设置
 	SettingKeyTurnstileEnabled   = "turnstile_enabled"    // 是否启用 Turnstile 验证