feat(config): add sensitive word filtering system with database support
Implement sensitive word filtering feature with configurable database and Redis support. Add security enhancements including WebSocket origin validation, improved password strength requirements, timing attack prevention, and production JWT secret validation. Add batch operation validation limits and optimize user blocking queries with subqueries. BREAKING CHANGE: Password validation now requires minimum 8 characters with uppercase, lowercase, and digit (was 6-50 characters without complexity requirements)
This commit is contained in:
@@ -278,6 +278,9 @@ func (s *userServiceImpl) Login(ctx context.Context, account, password string) (
|
||||
var failReason string
|
||||
|
||||
if err != nil || user == nil {
|
||||
// 时序攻击防护:执行假的密码哈希验证,保持响应时间一致
|
||||
_ = utils.CheckPasswordHash(password, "$2a$10$fakehashfortimingattackprevention1234567890")
|
||||
|
||||
loginResult = string(model.LoginResultFail)
|
||||
failReason = string(model.FailReasonUserNotFound)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user