增加锁定状态记录生命周期配置项，优化清理内存的定时器

2024-10-04 11:55:46 +08:00 · 2024-10-04 11:55:46 +08:00 · 59748fe395
parent f195ae2d30
commit 59748fe395
4 changed files with 54 additions and 49 deletions
--- a/server/base/cfg.go
+++ b/server/base/cfg.go
@ -98,6 +98,8 @@ type ServerConfig struct {
 	MaxGlobalIPBanCount  int `json:"max_global_ip_ban_count"`
 	GlobalIPBanResetTime int `json:"global_ip_ban_reset_time"`
 	GlobalIPLockTime     int `json:"global_ip_lock_time"`
+
+	GlobalLockStateExpirationTime int `json:"global_lock_state_expiration_time"`
 }

 func initServerCfg() {
--- a/server/base/config.go
+++ b/server/base/config.go
@ -74,17 +74,19 @@ var configs = []config{

 	{Typ: cfgBool, Name: "anti_brute_force", Usage: "是否开启防爆功能", ValBool: true},

-	{Typ: cfgInt, Name: "max_ban_score", Usage: "单位时间内最大尝试次数，0为关闭防爆功能", ValInt: 5},
+	{Typ: cfgInt, Name: "max_ban_score", Usage: "单位时间内最大尝试次数，0为关闭该功能", ValInt: 5},
 	{Typ: cfgInt, Name: "ban_reset_time", Usage: "设置单位时间(秒)，超过则重置计数", ValInt: 10},
 	{Typ: cfgInt, Name: "lock_time", Usage: "超过最大尝试次数后的锁定时长(秒)", ValInt: 300},

-	{Typ: cfgInt, Name: "max_global_user_ban_count", Usage: "全局用户单位时间内最大尝试次数", ValInt: 20},
+	{Typ: cfgInt, Name: "max_global_user_ban_count", Usage: "全局用户单位时间内最大尝试次数，0为关闭该功能", ValInt: 20},
 	{Typ: cfgInt, Name: "global_user_ban_reset_time", Usage: "全局用户设置单位时间(秒)", ValInt: 600},
 	{Typ: cfgInt, Name: "global_user_lock_time", Usage: "全局用户锁定时间(秒)", ValInt: 300},

-	{Typ: cfgInt, Name: "max_global_ip_ban_count", Usage: "全局IP单位时间内最大尝试次数", ValInt: 40},
+	{Typ: cfgInt, Name: "max_global_ip_ban_count", Usage: "全局IP单位时间内最大尝试次数，0为关闭该功能", ValInt: 40},
 	{Typ: cfgInt, Name: "global_ip_ban_reset_time", Usage: "全局IP设置单位时间(秒)", ValInt: 1200},
 	{Typ: cfgInt, Name: "global_ip_lock_time", Usage: "全局IP锁定时间(秒)", ValInt: 300},
+
+	{Typ: cfgInt, Name: "global_lock_state_expiration_time", Usage: "全局锁定状态的保存生命周期(秒),超过则删除记录", ValInt: 3600},
 }

 var envs = map[string]string{}
--- a/server/conf/server.toml
+++ b/server/conf/server.toml
@ -53,10 +53,10 @@ ipv4_end = "192.168.90.200"
 #是否自动添加nat
 iptables_nat = true

-#防爆全局开关
+#防爆破全局开关
 anti_brute_force = true

-#单位时间内最大尝试次数，0为全局关闭防爆功能
+#单位时间内最大尝试次数，0为关闭该功能
 max_ban_score = 5
 #设置单位时间(秒)，超过则重置计数
 ban_reset_time = 10
@ -77,5 +77,8 @@ global_ip_ban_reset_time = 1200
 #全局IP锁定时间(秒)
 global_ip_lock_time = 300

+#全局锁定状态的保存生命周期(秒),超过则删除记录
+global_lock_state_expiration_time = 3600
+
 #客户端显示详细错误信息(线上环境慎开启)
 display_error = true
--- a/server/handler/antiBruteForce.go
+++ b/server/handler/antiBruteForce.go
@ -20,7 +20,9 @@ type contextKey string
 const loginStatusKey contextKey = "login_status"

 func init() {
-	lockManager.startCleanupTicker()
+	if base.Cfg.AntiBruteForce {
+		lockManager.startCleanupTicker()
+	}
 }

 // 防爆破中间件
@ -130,7 +132,7 @@ var lockManager = &LockManager{
 }

 func (lm *LockManager) startCleanupTicker() {
-	lm.cleanupTicker = time.NewTicker(1 * time.Minute)
+	lm.cleanupTicker = time.NewTicker(5 * time.Minute)
 	go func() {
 		for range lm.cleanupTicker.C {
 			lm.cleanupExpiredLocks()
@ -140,51 +142,47 @@ func (lm *LockManager) startCleanupTicker() {

 // 定期清理过期的锁定
 func (lm *LockManager) cleanupExpiredLocks() {
-	go func() {
-		for range time.Tick(5 * time.Minute) {
-			now := time.Now()
+	now := time.Now()

-			var ipKeys, userKeys []string
-			var IPuserKeys []struct{ user, ip string }
+	var ipKeys, userKeys []string
+	var IPuserKeys []struct{ user, ip string }

-			lm.mu.Lock()
-			for ip, state := range lm.ipLocks {
-				if now.Sub(state.LastAttempt) > time.Duration(base.Cfg.GlobalIPBanResetTime)*time.Second {
-					ipKeys = append(ipKeys, ip)
-				}
-			}
-
-			for user, state := range lm.userLocks {
-				if now.Sub(state.LastAttempt) > time.Duration(base.Cfg.GlobalUserBanResetTime)*time.Second {
-					userKeys = append(userKeys, user)
-				}
-			}
-
-			for user, ipMap := range lm.ipUserLocks {
-				for ip, state := range ipMap {
-					if now.Sub(state.LastAttempt) > time.Duration(base.Cfg.BanResetTime)*time.Second {
-						IPuserKeys = append(IPuserKeys, struct{ user, ip string }{user, ip})
-					}
-				}
-			}
-			lm.mu.Unlock()
-
-			lm.mu.Lock()
-			for _, ip := range ipKeys {
-				delete(lm.ipLocks, ip)
-			}
-			for _, user := range userKeys {
-				delete(lm.userLocks, user)
-			}
-			for _, key := range IPuserKeys {
-				delete(lm.ipUserLocks[key.user], key.ip)
-				if len(lm.ipUserLocks[key.user]) == 0 {
-					delete(lm.ipUserLocks, key.user)
-				}
-			}
-			lm.mu.Unlock()
+	lm.mu.Lock()
+	for ip, state := range lm.ipLocks {
+		if now.Sub(state.LastAttempt) > time.Duration(base.Cfg.GlobalLockStateExpirationTime)*time.Second {
+			ipKeys = append(ipKeys, ip)
 		}
-	}()
+	}
+
+	for user, state := range lm.userLocks {
+		if now.Sub(state.LastAttempt) > time.Duration(base.Cfg.GlobalLockStateExpirationTime)*time.Second {
+			userKeys = append(userKeys, user)
+		}
+	}
+
+	for user, ipMap := range lm.ipUserLocks {
+		for ip, state := range ipMap {
+			if now.Sub(state.LastAttempt) > time.Duration(base.Cfg.GlobalLockStateExpirationTime)*time.Second {
+				IPuserKeys = append(IPuserKeys, struct{ user, ip string }{user, ip})
+			}
+		}
+	}
+	lm.mu.Unlock()
+
+	lm.mu.Lock()
+	for _, ip := range ipKeys {
+		delete(lm.ipLocks, ip)
+	}
+	for _, user := range userKeys {
+		delete(lm.userLocks, user)
+	}
+	for _, key := range IPuserKeys {
+		delete(lm.ipUserLocks[key.user], key.ip)
+		if len(lm.ipUserLocks[key.user]) == 0 {
+			delete(lm.ipUserLocks, key.user)
+		}
+	}
+	lm.mu.Unlock()
 }

 // 检查全局 IP 锁定