1.重构防爆逻辑，基于IP+UserName锁定（单位时间内，锁定相同IP下的相同用户，其它IP和用户不影响）

2.增加基于用户的全局锁定 3.增加基于IP的全局锁定 4.用户单位时间内的请求频率限制（暂未开放）
2025-08-08 15:56:43 +08:00 · 2024-10-03 23:29:41 +08:00
parent 9e700830be
commit 2fedb281e8
4 changed files with 337 additions and 82 deletions
--- a/server/base/cfg.go
+++ b/server/base/cfg.go
@@ -85,10 +85,19 @@ type ServerConfig struct {
 	DisplayError    bool `json:"display_error"`
 	ExcludeExportIp bool `json:"exclude_export_ip"`

-	MaxBanCount         int `json:"max_ban_score"`
-	BanResetTime        int `json:"ban_reset_time"`
-	LockTime            int `json:"lock_time"`
-	UserStateExpiration int `json:"user_state_expiration"`
+	AntiBruteForce bool `json:"anti_brute_force"`
+
+	MaxBanCount  int `json:"max_ban_score"`
+	BanResetTime int `json:"ban_reset_time"`
+	LockTime     int `json:"lock_time"`
+
+	MaxGlobalUserBanCount  int `json:"max_global_user_ban_count"`
+	GlobalUserBanResetTime int `json:"global_user_ban_reset_time"`
+	GlobalUserLockTime     int `json:"global_user_lock_time"`
+
+	MaxGlobalIPBanCount  int `json:"max_global_ip_ban_count"`
+	GlobalIPBanResetTime int `json:"global_ip_ban_reset_time"`
+	GlobalIPLockTime     int `json:"global_ip_lock_time"`
 }

 func initServerCfg() {
--- a/server/base/config.go
+++ b/server/base/config.go
@@ -72,10 +72,19 @@ var configs = []config{
 	{Typ: cfgBool, Name: "display_error", Usage: "客户端显示详细错误信息(线上环境慎开启)", ValBool: false},
 	{Typ: cfgBool, Name: "exclude_export_ip", Usage: "排除出口ip路由(出口ip不加密传输)", ValBool: true},

+	{Typ: cfgBool, Name: "anti_brute_force", Usage: "是否开启防爆功能", ValBool: true},
+
 	{Typ: cfgInt, Name: "max_ban_score", Usage: "单位时间内最大尝试次数，0为关闭防爆功能", ValInt: 5},
-	{Typ: cfgInt, Name: "ban_reset_time", Usage: "设置单位时间(秒)，超过则重置计数", ValInt: 1},
+	{Typ: cfgInt, Name: "ban_reset_time", Usage: "设置单位时间(秒)，超过则重置计数", ValInt: 10},
 	{Typ: cfgInt, Name: "lock_time", Usage: "超过最大尝试次数后的锁定时长(秒)", ValInt: 300},
-	{Typ: cfgInt, Name: "user_state_expiration", Usage: "用户状态的保存周期(秒),超过则清空计数", ValInt: 900},
+
+	{Typ: cfgInt, Name: "max_global_user_ban_count", Usage: "全局用户单位时间内最大尝试次数", ValInt: 20},
+	{Typ: cfgInt, Name: "global_user_ban_reset_time", Usage: "全局用户设置单位时间(秒)", ValInt: 600},
+	{Typ: cfgInt, Name: "global_user_lock_time", Usage: "全局用户锁定时间(秒)", ValInt: 300},
+
+	{Typ: cfgInt, Name: "max_global_ip_ban_count", Usage: "全局IP单位时间内最大尝试次数", ValInt: 40},
+	{Typ: cfgInt, Name: "global_ip_ban_reset_time", Usage: "全局IP设置单位时间(秒)", ValInt: 1200},
+	{Typ: cfgInt, Name: "global_ip_lock_time", Usage: "全局IP锁定时间(秒)", ValInt: 300},
 }

 var envs = map[string]string{}