feat(config): add sensitive word filtering system with database support
Implement sensitive word filtering feature with configurable database and Redis support. Add security enhancements including WebSocket origin validation, improved password strength requirements, timing attack prevention, and production JWT secret validation. Add batch operation validation limits and optimize user blocking queries with subqueries. BREAKING CHANGE: Password validation now requires minimum 8 characters with uppercase, lowercase, and digit (was 6-50 characters without complexity requirements)
This commit is contained in:
@@ -27,11 +27,43 @@ var upgrader = websocket.Upgrader{
|
||||
ReadBufferSize: 1024,
|
||||
WriteBufferSize: 4096,
|
||||
CheckOrigin: func(r *http.Request) bool {
|
||||
return true // 允许所有来源,实际生产环境应该限制
|
||||
origin := r.Header.Get("Origin")
|
||||
if origin == "" {
|
||||
return true
|
||||
}
|
||||
return isAllowedWebSocketOrigin(origin)
|
||||
},
|
||||
HandshakeTimeout: 10 * time.Second,
|
||||
}
|
||||
|
||||
var allowedWebSocketOrigins = []string{
|
||||
"https://bbs.littlelan.cn",
|
||||
"https://admin.littlelan.cn",
|
||||
"https://browser.littlelan.cn",
|
||||
"http://localhost:3000",
|
||||
"http://localhost:5173",
|
||||
"http://127.0.0.1:3000",
|
||||
"http://127.0.0.1:5173",
|
||||
}
|
||||
|
||||
func isAllowedWebSocketOrigin(origin string) bool {
|
||||
for _, o := range allowedWebSocketOrigins {
|
||||
if o == origin {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") {
|
||||
return true
|
||||
}
|
||||
|
||||
if strings.HasPrefix(origin, "https://") && strings.HasSuffix(origin, ".littlelan.cn") {
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// WSHandler WebSocket处理器
|
||||
type WSHandler struct {
|
||||
wsHub *ws.Hub
|
||||
|
||||
Reference in New Issue
Block a user