From 1c6fc446c94f709deb1a1661bfa86caf51abe27d Mon Sep 17 00:00:00 2001
From: wsczx
Date: Fri, 4 Oct 2024 19:22:23 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=97=A0=E6=B3=95=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E8=A7=A3=E9=94=81=E7=9A=84Bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/conf/server.toml | 4 +++-
 server/handler/antiBruteForce.go | 10 +++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/server/conf/server.toml b/server/conf/server.toml
index d54702e..5dbf53d 100644
--- a/server/conf/server.toml
+++ b/server/conf/server.toml
@@ -55,12 +55,14 @@ iptables_nat = true
 #防爆破全局开关
 anti_brute_force = true
+#全局IP白名单,多个用逗号分隔,支持单IP和CIDR范围
 ip_whitelist = "192.168.90.1,172.16.0.0/24"
+#锁定时间最好不要超过单位时间
 #单位时间内最大尝试次数,0为关闭该功能
 max_ban_score = 5
 #设置单位时间(秒),超过则重置计数
-ban_reset_time = 10
+ban_reset_time = 600
 #超过最大尝试次数后的锁定时长(秒)
 lock_time = 300
diff --git a/server/handler/antiBruteForce.go b/server/handler/antiBruteForce.go
index 77be83a..947a8a9 100644
--- a/server/handler/antiBruteForce.go
+++ b/server/handler/antiBruteForce.go
@@ -384,12 +384,20 @@ func (lm *LockManager) updateLockState(state *LockState, now time.Time, success
 state.LastAttempt = now
 }
-// 超过时间窗口时重置锁定状态
+// 超过窗口时间和锁定时间时重置锁定状态
 func (lm *LockManager) resetLockStateIfExpired(state *LockState, now time.Time, resetTime int) {
 if state == nil || state.LastAttempt.IsZero() {
 return
 }
+ // 如果超过锁定时间,重置锁定状态
+ if !state.LockTime.IsZero() && now.After(state.LockTime) {
+ state.FailureCount = 0
+ state.LockTime = time.Time{}
+ return
+ }
+
+ // 如果超过窗口时间,重置失败计数
 if now.Sub(state.LastAttempt) > time.Duration(resetTime)*time.Second {
 state.FailureCount = 0
 state.LockTime = time.Time{}
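Review bot: The window-expiry branch left in place below the new check still clears `state.LockTime` while a lock is active, so the lock length is not enforced by code. That branch is now reached only when LockTime is zero or has not yet passed; with `ban_reset_time` shorter than `lock_time`, a client that stays quiet for the reset window appears to be unlocked early, which the commit handles only through the server.toml comment and the larger default. Guarding the branch with `if state.LockTime.IsZero() && now.Sub(state.LastAttempt) > time.Duration(resetTime)*time.Second {` would make the lock duration independent of the window setting. This reads LockTime as the lock expiry instant, as the added `now.After(state.LockTime)` suggests; the function's closing lines are outside the hunk.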