From 19c486d1a51a9f29c11b137d418375c9930f0193 Mon Sep 17 00:00:00 2001
From: gotoeasy
Date: Sun, 29 Oct 2023 12:45:50 +0800
Subject: [PATCH] =?UTF-8?q?=E8=BF=9E=E7=BB=AD5=E6=AC=A1=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E5=A4=B1=E8=B4=A5=E6=97=B6=E9=99=90=E5=88=B6=E7=99=BB=E5=BD=95?= =?UTF-8?q?15=E5=88=86=E9=92=9F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 glc/go.mod | 2 +-
 glc/go.sum | 2 ++
 glc/www/controller/login_controller.go | 33 ++++++++++++++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/glc/go.mod b/glc/go.mod
index e7bec4a..377219a 100644
--- a/glc/go.mod
+++ b/glc/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/gin-contrib/cors v1.4.0
 github.com/gin-contrib/gzip v0.0.6
 github.com/gin-gonic/gin v1.9.1
- github.com/gotoeasy/glang v0.10.17
+ github.com/gotoeasy/glang v0.10.18
 github.com/shirou/gopsutil v3.21.11+incompatible
 github.com/streadway/amqp v1.1.0
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7
diff --git a/glc/go.sum b/glc/go.sum
index c48ad86..9bb8eaa 100644
--- a/glc/go.sum
+++ b/glc/go.sum
@@ -268,6 +268,8 @@ github.com/gotoeasy/glang v0.10.16 h1:XHHWZErvyycqjfjkA9J9s0co5lRBVjXQBbKFjlxXcC
 github.com/gotoeasy/glang v0.10.16/go.mod h1:RGoWvWlVIEqRX1tOgWhyLbrvjuWMFINmnUMqZX5/vmo=
 github.com/gotoeasy/glang v0.10.17 h1:PG6NKA7Uy64UeCqTanaJyT81daHcnRgJRBvb2kiUUYQ=
 github.com/gotoeasy/glang v0.10.17/go.mod h1:RGoWvWlVIEqRX1tOgWhyLbrvjuWMFINmnUMqZX5/vmo=
+github.com/gotoeasy/glang v0.10.18 h1:QPJM6pawnRpe0N3wNLhdWSdiErFC4dYDYSmuqbhQCM0=
+github.com/gotoeasy/glang v0.10.18/go.mod h1:RGoWvWlVIEqRX1tOgWhyLbrvjuWMFINmnUMqZX5/vmo=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
diff --git a/glc/www/controller/login_controller.go b/glc/www/controller/login_controller.go
index 86f754b..9bf663d 100644
--- a/glc/www/controller/login_controller.go
+++ b/glc/www/controller/login_controller.go
@@ -11,9 +11,11 @@ import (
 )
 var sessionid string
+var catch *cmn.Cache
 func init() {
 if conf.IsEnableLogin() {
+ catch = cmn.NewCache(time.Minute * 15)
 sessionid = createSessionid()
 go func() {
 ticker := time.NewTicker(time.Hour) // 一小时更新一次
@@ -28,10 +30,23 @@ func init() {
 func LoginController(req *gweb.HttpRequest) *gweb.HttpResult {
 username := req.GetFormParameter("username")
 password := req.GetFormParameter("password")
+ key := getClientHash(req)
+ val, find := catch.Get(key)
+ cnt := 0
+ if find {
+ cnt = val.(int)
+ if cnt >= 5 {
+ catch.Set(key, cnt) // 还试,重新计算限制时间,再等15分钟吧
+ return gweb.Error500("连续多次失败,当前已被限制登录")
+ }
+ }
 if username != conf.GetUsername() || password != conf.GetPassword() {
+ cnt++
+ catch.Set(key, cnt)
 return gweb.Error500("用户名或密码错误")
 }
+ catch.Delete(key)
 return gweb.Result(sessionid)
 }
@@ -53,3 +68,21 @@ func createSessionid() string {
 func GetSessionid() string {
 return sessionid
 }
+
+func getClientHash(req *gweb.HttpRequest) string {
+ var ary []string
+ ary = append(ary, req.GetHeader("Sec-Fetch-Site"))
+ ary = append(ary, req.GetHeader("Sec-Fetch-Dest"))
+ ary = append(ary, req.GetHeader("Sec-Ch-Ua-Mobile"))
+ ary = append(ary, req.GetHeader("Accept-Language"))
+ ary = append(ary, req.GetHeader("Accept-Encoding"))
+ ary = append(ary, req.GetHeader("X-Forwarded-For"))
+ ary = append(ary, req.GetHeader("Forwarded"))
+ ary = append(ary, req.GetHeader("Sec-Ch-Ua-Platform"))
+ ary = append(ary, req.GetHeader("User-Agent"))
+ ary = append(ary, req.GetHeader("Sec-Fetch-Mode"))
+ ary = append(ary, req.GetHeader("Sec-Ch-Ua"))
+ ary = append(ary, req.GetHeader("Referer"))
+ ary = append(ary, req.GinCtx.ClientIP())
+ return cmn.HashString(cmn.Join(ary, ","))
+}
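Review bot: `catch` is assigned only inside the `conf.IsEnableLogin()` branch of init, while LoginController in the next hunk calls `catch.Get(key)` unconditionally. If the login route can still be reached with login disabled, that is a method call on a nil `*cmn.Cache`; whether it panics depends on cmn.Cache, which is not visible here. Initialising at the declaration, `var catch = cmn.NewCache(time.Minute * 15)`, removes the dependency on the flag. The name also reads as a misspelling of `cache`; something like `loginFailCache` with a comment `// failed-login counters per client key, entries expire after 15 minutes` would say what it holds. The body of init continues outside this hunk.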
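Review bot: The failure counter in LoginController is read with `catch.Get` and written back later with a separate `catch.Set`, so parallel requests carrying the same key can all observe a count below 5 and each reach the credential comparison before any increment lands. Unless cmn.Cache offers an atomic increment (not visible here), serialise the handler with a package mutex: `loginMu.Lock()` then `defer loginMu.Unlock()` as its first lines, with `var loginMu sync.Mutex` declared next to `catch`. `cnt = val.(int)` panics if the cache ever returns another type; `cnt, _ = val.(int)` keeps the handler alive. Neither the failure branch nor the lockout branch writes a log entry, so repeated failures stay invisible to whoever operates the service; a warning carrying the client address on both paths would make them detectable.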
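Review bot: The lockout key built in getClientHash consists almost entirely of request headers that the client chooses (`User-Agent`, `Accept-Language`, `Referer`, `X-Forwarded-For`, `Forwarded`, the `Sec-*` set), so the counter is only as stable as the client makes it and the five-attempt limit is not bound to anything the server controls. Key on a server-observed value instead, e.g. `return cmn.HashString(req.GinCtx.ClientIP())`, and confirm the gin engine's trusted-proxy list is configured (`SetTrustedProxies`) so that `ClientIP()` does not itself take its value from a forwarded header sent by an untrusted peer. Since LoginController checks a single configured account, a global failure counter next to the per-address one would cap total guesses regardless of origin. Each distinct key also occupies a cache entry for 15 minutes, so the header mix presumably lets the cache grow with request variety rather than with the number of real clients.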