CarrotSkin/backend
4
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 增加登录和验证码验证失败次数限制,添加账号锁定机制
Some checks failed
SonarQube Analysis / sonarqube (push) Has been cancelled
Details

Browse Source
This commit is contained in:
lan
2025-12-02 10:38:25 +08:00
parent 10fdcd916b
commit 13bab28926
2 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/service/user_service.go
View File

@@ -109,6 +109,11 @@ func LoginUserWithRateLimit(redisClient *redis.Client, jwtService *auth.JWTServi
if redisClient != nil { if redisClient != nil {
identifier := usernameOrEmail + ":" + ipAddress identifier := usernameOrEmail + ":" + ipAddress
count, _ := RecordLoginFailure(ctx, redisClient, identifier) count, _ := RecordLoginFailure(ctx, redisClient, identifier)
// 检查是否触发锁定
if count >= MaxLoginAttempts {
logFailedLogin(0, ipAddress, userAgent, "用户不存在-账号已锁定")
return nil, "", fmt.Errorf("登录失败次数过多,账号已被锁定 %d 分钟", int(LoginLockDuration.Minutes()))
}
remaining := MaxLoginAttempts - count remaining := MaxLoginAttempts - count
if remaining > 0 { if remaining > 0 {
logFailedLogin(0, ipAddress, userAgent, "用户不存在") logFailedLogin(0, ipAddress, userAgent, "用户不存在")
@@ -131,6 +136,11 @@ func LoginUserWithRateLimit(redisClient *redis.Client, jwtService *auth.JWTServi
if redisClient != nil { if redisClient != nil {
identifier := usernameOrEmail + ":" + ipAddress identifier := usernameOrEmail + ":" + ipAddress
count, _ := RecordLoginFailure(ctx, redisClient, identifier) count, _ := RecordLoginFailure(ctx, redisClient, identifier)
// 检查是否触发锁定
if count >= MaxLoginAttempts {
logFailedLogin(user.ID, ipAddress, userAgent, "密码错误-账号已锁定")
return nil, "", fmt.Errorf("登录失败次数过多,账号已被锁定 %d 分钟", int(LoginLockDuration.Minutes()))
}
remaining := MaxLoginAttempts - count remaining := MaxLoginAttempts - count
if remaining > 0 { if remaining > 0 {
logFailedLogin(user.ID, ipAddress, userAgent, "密码错误") logFailedLogin(user.ID, ipAddress, userAgent, "密码错误")

16
internal/service/verification_service.go
View File

@@ -102,15 +102,25 @@ func VerifyCode(ctx context.Context, redisClient *redis.Client, email, code, cod
// 从Redis获取验证码 // 从Redis获取验证码
storedCode, err := redisClient.Get(ctx, codeKey) storedCode, err := redisClient.Get(ctx, codeKey)
if err != nil { if err != nil {
// 记录失败尝试 // 记录失败尝试并检查是否触发锁定
RecordVerifyFailure(ctx, redisClient, email, codeType) count, _ := RecordVerifyFailure(ctx, redisClient, email, codeType)
if count >= MaxVerifyAttempts {
return fmt.Errorf("验证码错误次数过多,账号已被锁定 %d 分钟", int(VerifyLockDuration.Minutes()))
}
remaining := MaxVerifyAttempts - count
if remaining > 0 {
return fmt.Errorf("验证码已过期或不存在,还剩 %d 次尝试机会", remaining)
}
return fmt.Errorf("验证码已过期或不存在") return fmt.Errorf("验证码已过期或不存在")
} }
// 验证验证码 // 验证验证码
if storedCode != code { if storedCode != code {
// 记录失败尝试 // 记录失败尝试并检查是否触发锁定
count, _ := RecordVerifyFailure(ctx, redisClient, email, codeType) count, _ := RecordVerifyFailure(ctx, redisClient, email, codeType)
if count >= MaxVerifyAttempts {
return fmt.Errorf("验证码错误次数过多,账号已被锁定 %d 分钟", int(VerifyLockDuration.Minutes()))
}
remaining := MaxVerifyAttempts - count remaining := MaxVerifyAttempts - count
if remaining > 0 { if remaining > 0 {
return fmt.Errorf("验证码错误,还剩 %d 次尝试机会", remaining) return fmt.Errorf("验证码错误,还剩 %d 次尝试机会", remaining)