优化代码，开启OTP防爆

2024-10-28 17:34:01 +08:00 · 2024-10-28 17:34:01 +08:00 · 55d7300033
parent 5f7b11954a
commit 55d7300033
1 changed files with 11 additions and 12 deletions
--- a/server/handler/link_auth_otp.go
+++ b/server/handler/link_auth_otp.go
@ -8,7 +8,6 @@ import (
 	"net"
 	"net/http"
 	"sync"
-	"sync/atomic"

 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
@ -18,12 +17,12 @@ import (

 var SessStore = NewSessionStore()

-const maxOtpErrCount = 3
+// const maxOtpErrCount = 3

 type AuthSession struct {
 	ClientRequest *ClientRequest
 	UserActLog    *dbdata.UserActLog
-	OtpErrCount   atomic.Uint32 // otp错误次数
+	// OtpErrCount   atomic.Uint32 // otp错误次数
 }

 // 存储临时会话信息
@ -62,10 +61,10 @@ func (s *SessionStore) DeleteAuthSession(sessionID string) {
 	delete(s.session, sessionID)
 }

-func (a *AuthSession) AddOtpErrCount(i int) int {
-	newI := a.OtpErrCount.Add(uint32(i))
-	return int(newI)
-}
+// func (a *AuthSession) AddOtpErrCount(i int) int {
+// 	newI := a.OtpErrCount.Add(uint32(i))
+// 	return int(newI)
+// }

 func GenerateSessionID() (string, error) {
 	sessionID := utils.RandomRunes(32)
@ -197,11 +196,11 @@ func LinkAuth_otp(w http.ResponseWriter, r *http.Request) {

 	// 动态码错误
 	if !dbdata.CheckOtp(username, otp, otpSecret) {
-		if sessionData.AddOtpErrCount(1) > maxOtpErrCount {
-			SessStore.DeleteAuthSession(sessionID)
-			http.Error(w, "TooManyError, please login again", http.StatusBadRequest)
-			return
-		}
+		// if sessionData.AddOtpErrCount(1) > maxOtpErrCount {
+		// 	SessStore.DeleteAuthSession(sessionID)
+		// 	http.Error(w, "TooManyError, please login again", http.StatusBadRequest)
+		// 	return
+		// }
 		lockManager.LoginStatus.Store(loginStatusKey, false) // 记录登录失败状态

 		base.Warn("OTP 动态码错误", username, r.RemoteAddr)