feat(config): add sensitive word filtering system with database support
All checks were successful
Build Backend / build (push) Successful in 12m54s
Build Backend / build-docker (push) Successful in 1m41s

Implement sensitive word filtering feature with configurable database and Redis
support. Add security enhancements including WebSocket origin validation, improved
password strength requirements, timing attack prevention, and production JWT secret
validation. Add batch operation validation limits and optimize user blocking
queries with subqueries.

BREAKING CHANGE: Password validation now requires minimum 8 characters with uppercase,
lowercase, and digit (was 6-50 characters without complexity requirements)
This commit is contained in:
lafay
2026-04-07 00:07:40 +08:00
parent 6429322217
commit 98b8abd26a
20 changed files with 263 additions and 84 deletions

View File

@@ -24,10 +24,57 @@ func ValidateUsername(username string) bool {
// ValidatePassword 验证密码强度
func ValidatePassword(password string) bool {
if len(password) < 6 || len(password) > 50 {
if len(password) < 8 || len(password) > 50 {
return false
}
return true
var hasUpper, hasLower, hasDigit bool
for _, c := range password {
switch {
case 'A' <= c && c <= 'Z':
hasUpper = true
case 'a' <= c && c <= 'z':
hasLower = true
case '0' <= c && c <= '9':
hasDigit = true
}
}
return hasUpper && hasLower && hasDigit
}
// ValidatePasswordWithDetail 验证密码强度并返回详细信息
func ValidatePasswordWithDetail(password string) (bool, string) {
if len(password) < 8 {
return false, "密码长度至少8位"
}
if len(password) > 50 {
return false, "密码长度不能超过50位"
}
var hasUpper, hasLower, hasDigit bool
for _, c := range password {
switch {
case 'A' <= c && c <= 'Z':
hasUpper = true
case 'a' <= c && c <= 'z':
hasLower = true
case '0' <= c && c <= '9':
hasDigit = true
}
}
if !hasUpper {
return false, "密码必须包含大写字母"
}
if !hasLower {
return false, "密码必须包含小写字母"
}
if !hasDigit {
return false, "密码必须包含数字"
}
return true, ""
}
// ValidatePhone 验证手机号
@@ -37,10 +84,13 @@ func ValidatePhone(phone string) bool {
return matched
}
// SanitizeHTML 清理HTML
// SanitizeHTML 清理HTML防止XSS攻击
func SanitizeHTML(input string) string {
// 简单实现,实际使用建议用专门库
input = strings.ReplaceAll(input, "<", "<")
input = strings.ReplaceAll(input, ">", ">")
input = strings.ReplaceAll(input, "&", "&amp;")
input = strings.ReplaceAll(input, "<", "&lt;")
input = strings.ReplaceAll(input, ">", "&gt;")
input = strings.ReplaceAll(input, "\"", "&quot;")
input = strings.ReplaceAll(input, "'", "&#x27;")
input = strings.ReplaceAll(input, "/", "&#x2F;")
return input
}