mirror of
https://github.com/bjdgyc/anylink.git
synced 2025-09-18 09:27:13 +08:00
防爆增加全局黑名单功能
增加防爆测试用例 优化防爆检查逻辑
This commit is contained in:
wsczx
@@ -24,7 +24,15 @@ type LockState struct {
|
||||
LockTime time.Time `json:"lock_time"` // 锁定截止时间
|
||||
LastAttempt time.Time `json:"lastAttempt"` // 最后一次尝试的时间
|
||||
}
|
||||
type IPWhitelists struct {
|
||||
|
||||
type IPListType int
|
||||
|
||||
const (
|
||||
IPListWhite IPListType = iota
|
||||
IPListBlack
|
||||
)
|
||||
|
||||
type IPList struct {
|
||||
IP net.IP
|
||||
CIDR *net.IPNet
|
||||
}
|
||||
@@ -35,7 +43,7 @@ type LockManager struct {
|
||||
ipLocks map[string]*LockState // 全局IP锁定状态
|
||||
userLocks map[string]*LockState // 全局用户锁定状态
|
||||
ipUserLocks map[string]map[string]*LockState // 单用户IP锁定状态
|
||||
ipWhitelists []IPWhitelists // 全局IP白名单,包含IP地址和CIDR范围
|
||||
ipLists map[IPListType][]IPList // 统一的IP列表管理
|
||||
cleanupTicker *time.Ticker
|
||||
}
|
||||
|
||||
@@ -46,10 +54,10 @@ func GetLockManager() *LockManager {
|
||||
once.Do(func() {
|
||||
lockmanager = &LockManager{
|
||||
// LoginStatus: sync.Map{},
|
||||
ipLocks: make(map[string]*LockState),
|
||||
userLocks: make(map[string]*LockState),
|
||||
ipUserLocks: make(map[string]map[string]*LockState),
|
||||
ipWhitelists: make([]IPWhitelists, 0),
|
||||
ipLocks: make(map[string]*LockState),
|
||||
userLocks: make(map[string]*LockState),
|
||||
ipUserLocks: make(map[string]map[string]*LockState),
|
||||
ipLists: make(map[IPListType][]IPList),
|
||||
}
|
||||
})
|
||||
return lockmanager
|
||||
@@ -64,7 +72,8 @@ func InitLockManager() {
|
||||
base.Cfg.GlobalLockStateExpirationTime = defaultGlobalLockStateExpirationTime
|
||||
}
|
||||
lm.StartCleanupTicker()
|
||||
lm.InitIPWhitelist()
|
||||
lm.InitIPList(IPListWhite, base.Cfg.IPWhiteList)
|
||||
lm.InitIPList(IPListBlack, base.Cfg.IPBlackList)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -181,40 +190,50 @@ func (lm *LockManager) GetLocksInfo() []LockInfo {
|
||||
return locksInfo
|
||||
}
|
||||
|
||||
// 初始化IP白名单
|
||||
func (lm *LockManager) InitIPWhitelist() {
|
||||
ipWhitelist := strings.Split(base.Cfg.IPWhitelist, ",")
|
||||
for _, ipWhitelist := range ipWhitelist {
|
||||
ipWhitelist = strings.TrimSpace(ipWhitelist)
|
||||
if ipWhitelist == "" {
|
||||
// 初始化IP列表
|
||||
func (lm *LockManager) InitIPList(listType IPListType, config string) {
|
||||
if lm.ipLists == nil {
|
||||
lm.ipLists = make(map[IPListType][]IPList)
|
||||
}
|
||||
|
||||
ipList := strings.Split(config, ",")
|
||||
for _, ipItem := range ipList {
|
||||
ipItem = strings.TrimSpace(ipItem)
|
||||
if ipItem == "" {
|
||||
continue
|
||||
}
|
||||
|
||||
_, ipNet, err := net.ParseCIDR(ipWhitelist)
|
||||
_, ipNet, err := net.ParseCIDR(ipItem)
|
||||
if err == nil {
|
||||
lm.ipWhitelists = append(lm.ipWhitelists, IPWhitelists{CIDR: ipNet})
|
||||
lm.ipLists[listType] = append(lm.ipLists[listType], IPList{CIDR: ipNet})
|
||||
continue
|
||||
}
|
||||
|
||||
ip := net.ParseIP(ipWhitelist)
|
||||
ip := net.ParseIP(ipItem)
|
||||
if ip != nil {
|
||||
lm.ipWhitelists = append(lm.ipWhitelists, IPWhitelists{IP: ip})
|
||||
lm.ipLists[listType] = append(lm.ipLists[listType], IPList{IP: ip})
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 检查 IP 是否在白名单中
|
||||
func (lm *LockManager) IsWhitelisted(ip string) bool {
|
||||
// 检查 IP 列表
|
||||
func (lm *LockManager) IsInIPList(ip string, listType IPListType) bool {
|
||||
clientIP := net.ParseIP(ip)
|
||||
if clientIP == nil {
|
||||
return false
|
||||
}
|
||||
for _, ipWhitelist := range lm.ipWhitelists {
|
||||
if ipWhitelist.CIDR != nil && ipWhitelist.CIDR.Contains(clientIP) {
|
||||
|
||||
ipList, exists := lm.ipLists[listType]
|
||||
if !exists {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, ipItem := range ipList {
|
||||
if ipItem.CIDR != nil && ipItem.CIDR.Contains(clientIP) {
|
||||
return true
|
||||
}
|
||||
if ipWhitelist.IP != nil && ipWhitelist.IP.Equal(clientIP) {
|
||||
if ipItem.IP != nil && ipItem.IP.Equal(clientIP) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
@@ -372,6 +391,9 @@ func (lm *LockManager) UpdateUserIPLock(username, ip string, now time.Time, succ
|
||||
|
||||
// 更新锁定状态
|
||||
func (lm *LockManager) UpdateLockState(state *LockState, now time.Time, success bool, maxBanCount, lockTime int) {
|
||||
if state.Locked {
|
||||
return // 已经锁定,不处理
|
||||
}
|
||||
if success {
|
||||
lm.Unlock(state) // 成功登录后解锁
|
||||
} else {
|
||||
@@ -424,10 +446,16 @@ func (lm *LockManager) CheckLocked(username, ipaddr string) bool {
|
||||
now := time.Now()
|
||||
|
||||
// 检查IP是否在白名单中
|
||||
if lm.IsWhitelisted(ip) {
|
||||
if lm.IsInIPList(ip, IPListWhite) {
|
||||
return true
|
||||
}
|
||||
|
||||
// 检查IP是否在黑名单中
|
||||
if lm.IsInIPList(ip, IPListBlack) {
|
||||
base.Warn("IP", ip, "is blacklisted. Access denied.")
|
||||
return false
|
||||
}
|
||||
|
||||
// 检查全局 IP 锁定
|
||||
if base.Cfg.MaxGlobalIPBanCount > 0 && lm.CheckGlobalIPLock(ip, now) {
|
||||
base.Warn("IP", ip, "is globally locked. Try again later.")
|
||||
|
||||
Reference in New Issue
Block a user