1.修复防爆策略用户登录成功后没有重置计数的Bug

2.增加otp防爆 3.添加otp使用说明 4.优化代码
2025-08-09 11:19:50 +08:00 · 2024-10-26 09:13:02 +08:00
parent fdc755bd98
commit f8685490dc
6 changed files with 86 additions and 165 deletions
--- a/server/handler/link_auth.go
+++ b/server/handler/link_auth.go
@@ -2,7 +2,6 @@ package handler

 import (
 	"bytes"
-	"context"
 	"encoding/xml"
 	"fmt"
 	"io"
@@ -95,7 +94,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	// TODO 用户密码校验
 	err = dbdata.CheckUser(cr.Auth.Username, cr.Auth.Password, cr.GroupSelect)
 	if err != nil {
-		r = r.WithContext(context.WithValue(r.Context(), loginStatusKey, false)) // 传递登录失败状态
+		lockManager.loginStatus.Store(loginStatusKey, false) // 记录登录失败状态
 		base.Warn(err, r.RemoteAddr)
 		ua.Info = err.Error()
 		ua.Status = dbdata.UserAuthFail
@@ -109,7 +108,6 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 		tplRequest(tpl_request, w, data)
 		return
 	}
-	r = r.WithContext(context.WithValue(r.Context(), loginStatusKey, true)) // 传递登录成功状态
 	dbdata.UserActLogIns.Add(*ua, userAgent)

 	v := &dbdata.User{}
@@ -121,6 +119,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	}
 	// 用户otp验证
 	if !v.DisableOtp {
+		lockManager.loginStatus.Store(loginStatusKey, true) // 重置OTP验证计数
 		sessionID, err := GenerateSessionID()
 		if err != nil {
 			base.Error("Failed to generate session ID: ", err)