feat: 增加登录和验证码验证失败次数限制，添加账号锁定机制

2025-12-02 10:38:25 +08:00
parent 10fdcd916b
commit 13bab28926
2 changed files with 23 additions and 3 deletions
--- a/internal/service/user_service.go
+++ b/internal/service/user_service.go
@@ -109,6 +109,11 @@ func LoginUserWithRateLimit(redisClient *redis.Client, jwtService *auth.JWTServi
 		if redisClient != nil {
 			identifier := usernameOrEmail + ":" + ipAddress
 			count, _ := RecordLoginFailure(ctx, redisClient, identifier)
+			// 检查是否触发锁定
+			if count >= MaxLoginAttempts {
+				logFailedLogin(0, ipAddress, userAgent, "用户不存在-账号已锁定")
+				return nil, "", fmt.Errorf("登录失败次数过多，账号已被锁定 %d 分钟", int(LoginLockDuration.Minutes()))
+			}
 			remaining := MaxLoginAttempts - count
 			if remaining > 0 {
 				logFailedLogin(0, ipAddress, userAgent, "用户不存在")
@@ -131,6 +136,11 @@ func LoginUserWithRateLimit(redisClient *redis.Client, jwtService *auth.JWTServi
 		if redisClient != nil {
 			identifier := usernameOrEmail + ":" + ipAddress
 			count, _ := RecordLoginFailure(ctx, redisClient, identifier)
+			// 检查是否触发锁定
+			if count >= MaxLoginAttempts {
+				logFailedLogin(user.ID, ipAddress, userAgent, "密码错误-账号已锁定")
+				return nil, "", fmt.Errorf("登录失败次数过多，账号已被锁定 %d 分钟", int(LoginLockDuration.Minutes()))
+			}
 			remaining := MaxLoginAttempts - count
 			if remaining > 0 {
 				logFailedLogin(user.ID, ipAddress, userAgent, "密码错误")