连续5次登录失败时限制登录15分钟

2025-09-15 12:58:34 +08:00 · 2023-10-29 12:45:50 +08:00 · 2023-10-29 12:45:50 +08:00 · 19c486d1a5
commit 19c486d1a5
parent 7421e6f671
3 changed files with 36 additions and 1 deletions
--- a/glc/go.mod
+++ b/glc/go.mod
@ -6,7 +6,7 @@ require (
 	github.com/gin-contrib/cors v1.4.0
 	github.com/gin-contrib/gzip v0.0.6
 	github.com/gin-gonic/gin v1.9.1
-	github.com/gotoeasy/glang v0.10.17
+	github.com/gotoeasy/glang v0.10.18
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/streadway/amqp v1.1.0
 	github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7
--- a/glc/go.sum
+++ b/glc/go.sum
@ -268,6 +268,8 @@ github.com/gotoeasy/glang v0.10.16 h1:XHHWZErvyycqjfjkA9J9s0co5lRBVjXQBbKFjlxXcC
 github.com/gotoeasy/glang v0.10.16/go.mod h1:RGoWvWlVIEqRX1tOgWhyLbrvjuWMFINmnUMqZX5/vmo=
 github.com/gotoeasy/glang v0.10.17 h1:PG6NKA7Uy64UeCqTanaJyT81daHcnRgJRBvb2kiUUYQ=
 github.com/gotoeasy/glang v0.10.17/go.mod h1:RGoWvWlVIEqRX1tOgWhyLbrvjuWMFINmnUMqZX5/vmo=
+github.com/gotoeasy/glang v0.10.18 h1:QPJM6pawnRpe0N3wNLhdWSdiErFC4dYDYSmuqbhQCM0=
+github.com/gotoeasy/glang v0.10.18/go.mod h1:RGoWvWlVIEqRX1tOgWhyLbrvjuWMFINmnUMqZX5/vmo=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
--- a/glc/www/controller/login_controller.go
+++ b/glc/www/controller/login_controller.go
@ -11,9 +11,11 @@ import (
 )

 var sessionid string
+var catch *cmn.Cache

 func init() {
 	if conf.IsEnableLogin() {
+		catch = cmn.NewCache(time.Minute * 15)
 		sessionid = createSessionid()
 		go func() {
 			ticker := time.NewTicker(time.Hour) // 一小时更新一次
@ -28,10 +30,23 @@ func init() {
 func LoginController(req *gweb.HttpRequest) *gweb.HttpResult {
 	username := req.GetFormParameter("username")
 	password := req.GetFormParameter("password")
+	key := getClientHash(req)
+	val, find := catch.Get(key)
+	cnt := 0
+	if find {
+		cnt = val.(int)
+		if cnt >= 5 {
+			catch.Set(key, cnt) // 还试，重新计算限制时间，再等15分钟吧
+			return gweb.Error500("连续多次失败，当前已被限制登录")
+		}
+	}
 	if username != conf.GetUsername() || password != conf.GetPassword() {
+		cnt++
+		catch.Set(key, cnt)
 		return gweb.Error500("用户名或密码错误")
 	}

+	catch.Delete(key)
 	return gweb.Result(sessionid)
 }

@ -53,3 +68,21 @@ func createSessionid() string {
 func GetSessionid() string {
 	return sessionid
 }
+
+func getClientHash(req *gweb.HttpRequest) string {
+	var ary []string
+	ary = append(ary, req.GetHeader("Sec-Fetch-Site"))
+	ary = append(ary, req.GetHeader("Sec-Fetch-Dest"))
+	ary = append(ary, req.GetHeader("Sec-Ch-Ua-Mobile"))
+	ary = append(ary, req.GetHeader("Accept-Language"))
+	ary = append(ary, req.GetHeader("Accept-Encoding"))
+	ary = append(ary, req.GetHeader("X-Forwarded-For"))
+	ary = append(ary, req.GetHeader("Forwarded"))
+	ary = append(ary, req.GetHeader("Sec-Ch-Ua-Platform"))
+	ary = append(ary, req.GetHeader("User-Agent"))
+	ary = append(ary, req.GetHeader("Sec-Fetch-Mode"))
+	ary = append(ary, req.GetHeader("Sec-Ch-Ua"))
+	ary = append(ary, req.GetHeader("Referer"))
+	ary = append(ary, req.GinCtx.ClientIP())
+	return cmn.HashString(cmn.Join(ary, ","))
+}