1.修复防爆策略用户登录成功后没有重置计数的Bug

2.增加otp防爆
3.添加otp使用说明
4.优化代码

server/dbdata/db.go

@@ -203,7 +203,8 @@ const accountMail = `<p>您好:</p>
     <ul>
         <li>请使用OTP软件扫描动态码二维码</li>
         <li>然后使用anyconnect客户端进行登陆</li>
-        <li>登陆密码为 【PIN码+动态码】(中间没有+号)</li>
+        <li>登陆密码为 PIN 码</li>
+		<li>OTP密码为扫码后生成的动态码</li>
     </ul>
 </div>
 <p>

server/handler/antiBruteForce.go

@@ -12,11 +12,7 @@ import (
 	"github.com/bjdgyc/anylink/base"
 )
 
-// 自定义 contextKey 类型，避免键冲突
+const loginStatusKey = "login_status"
-type contextKey string
-
-// 定义常量作为上下文的键
-const loginStatusKey contextKey = "login_status"
 const defaultGlobalLockStateExpirationTime = 3600
 
 func initAntiBruteForce() {
@@ -53,6 +49,20 @@ func antiBruteForce(next http.Handler) http.Handler {
 		}
 
 		username := cr.Auth.Username
+		if r.URL.Path == "/otp-verification" {
+			sessionID, err := GetCookie(r, "auth-session-id")
+			if err != nil {
+				http.Error(w, "Invalid session, please login again", http.StatusUnauthorized)
+				return
+			}
+
+			sessionData, err := SessStore.GetAuthSession(sessionID)
+			if err != nil {
+				http.Error(w, "Invalid session, please login again", http.StatusUnauthorized)
+				return
+			}
+			username = sessionData.ClientRequest.Auth.Username
+		}
 		ip, _, err := net.SplitHostPort(r.RemoteAddr) // 提取纯 IP 地址，去掉端口号
 		if err != nil {
 			http.Error(w, "Unable to parse IP address", http.StatusInternalServerError)
@@ -109,13 +119,17 @@ func antiBruteForce(next http.Handler) http.Handler {
 		// 调用下一个处理器
 		next.ServeHTTP(w, r)
 
-		// 从 context 中获取登录状态
+		// 检查登录状态
-		loginStatus, _ := r.Context().Value(loginStatusKey).(bool)
+		Status, _ := lockManager.loginStatus.Load(loginStatusKey)
+		loginStatus, _ := Status.(bool)
 
 		// 更新用户登录状态
 		lockManager.updateGlobalIPLock(ip, now, loginStatus)
 		lockManager.updateGlobalUserLock(username, now, loginStatus)
 		lockManager.updateUserIPLock(username, ip, now, loginStatus)
+
+		// 清除登录状态
+		lockManager.loginStatus.Delete(loginStatusKey)
 	})
 }
 
@@ -131,6 +145,7 @@ type IPWhitelists struct {
 
 type LockManager struct {
 	mu           sync.Mutex
+	loginStatus  sync.Map                         // 登录状态
 	ipLocks      map[string]*LockState            // 全局IP锁定状态
 	userLocks    map[string]*LockState            // 全局用户锁定状态
 	ipUserLocks  map[string]map[string]*LockState // 单用户IP锁定状态
@@ -140,6 +155,7 @@ type LockManager struct {
 }
 
 var lockManager = &LockManager{
+	loginStatus:  sync.Map{},
 	ipLocks:      make(map[string]*LockState),
 	userLocks:    make(map[string]*LockState),
 	ipUserLocks:  make(map[string]map[string]*LockState),
@@ -251,14 +267,7 @@ func (lm *LockManager) checkGlobalIPLock(ip string, now time.Time) bool {
 		return false
 	}
 
-	// 如果超过时间窗口，重置失败计数
+	return lm.checkLockState(state, now, base.Cfg.GlobalIPBanResetTime)
-	lm.resetLockStateIfExpired(state, now, base.Cfg.GlobalIPBanResetTime)
-
-	if !state.LockTime.IsZero() && now.Before(state.LockTime) {
-		return true
-	}
-
-	return false
 }
 
 // 检查全局用户锁定
@@ -274,14 +283,7 @@ func (lm *LockManager) checkGlobalUserLock(username string, now time.Time) bool
 	if !exists {
 		return false
 	}
-	// 如果超过时间窗口，重置失败计数
+	return lm.checkLockState(state, now, base.Cfg.GlobalUserBanResetTime)
-	lm.resetLockStateIfExpired(state, now, base.Cfg.GlobalUserBanResetTime)
-
-	if !state.LockTime.IsZero() && now.Before(state.LockTime) {
-		return true
-	}
-
-	return false
 }
 
 // 检查单个用户的 IP 锁定
@@ -303,14 +305,7 @@ func (lm *LockManager) checkUserIPLock(username, ip string, now time.Time) bool
 		return false
 	}
 
-	// 如果超过时间窗口，重置失败计数
+	return lm.checkLockState(state, now, base.Cfg.BanResetTime)
-	lm.resetLockStateIfExpired(state, now, base.Cfg.BanResetTime)
-
-	if !state.LockTime.IsZero() && now.Before(state.LockTime) {
-		return true
-	}
-
-	return false
 }
 
 // 更新全局 IP 锁定状态
@@ -383,22 +378,27 @@ func (lm *LockManager) updateLockState(state *LockState, now time.Time, success
 	state.LastAttempt = now
 }
 
-// 超过窗口时间和锁定时间时重置锁定状态
+// 检查锁定状态
-func (lm *LockManager) resetLockStateIfExpired(state *LockState, now time.Time, resetTime int) {
+func (lm *LockManager) checkLockState(state *LockState, now time.Time, resetTime int) bool {
 	if state == nil || state.LastAttempt.IsZero() {
-		return
+		return false
 	}
 
 	// 如果超过锁定时间，重置锁定状态
 	if !state.LockTime.IsZero() && now.After(state.LockTime) {
 		state.FailureCount = 0
 		state.LockTime = time.Time{}
-		return
+		return false
 	}
-
 	// 如果超过窗口时间，重置失败计数
 	if now.Sub(state.LastAttempt) > time.Duration(resetTime)*time.Second {
 		state.FailureCount = 0
 		state.LockTime = time.Time{}
+		return false
 	}
+	// 如果锁定时间还在有效期内，继续锁定
+	if !state.LockTime.IsZero() && now.Before(state.LockTime) {
+		return true
+	}
+	return false
 }

server/handler/link_auth.go

@@ -2,7 +2,6 @@ package handler
 
 import (
 	"bytes"
-	"context"
 	"encoding/xml"
 	"fmt"
 	"io"
@@ -95,7 +94,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	// TODO 用户密码校验
 	err = dbdata.CheckUser(cr.Auth.Username, cr.Auth.Password, cr.GroupSelect)
 	if err != nil {
-		r = r.WithContext(context.WithValue(r.Context(), loginStatusKey, false)) // 传递登录失败状态
+		lockManager.loginStatus.Store(loginStatusKey, false) // 记录登录失败状态
 		base.Warn(err, r.RemoteAddr)
 		ua.Info = err.Error()
 		ua.Status = dbdata.UserAuthFail
@@ -109,7 +108,6 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 		tplRequest(tpl_request, w, data)
 		return
 	}
-	r = r.WithContext(context.WithValue(r.Context(), loginStatusKey, true)) // 传递登录成功状态
 	dbdata.UserActLogIns.Add(*ua, userAgent)
 
 	v := &dbdata.User{}
@@ -121,6 +119,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	}
 	// 用户otp验证
 	if !v.DisableOtp {
+		lockManager.loginStatus.Store(loginStatusKey, true) // 重置OTP验证计数
 		sessionID, err := GenerateSessionID()
 		if err != nil {
 			base.Error("Failed to generate session ID: ", err)

server/handler/link_auth_otp.go

@@ -110,6 +110,8 @@ func DeleteCookie(w http.ResponseWriter, name string) {
 	http.SetCookie(w, cookie)
 }
 func CreateSession(w http.ResponseWriter, r *http.Request, authSession *AuthSession) {
+	lockManager.loginStatus.Store(loginStatusKey, true) // 更新登录成功状态
+
 	cr := authSession.ClientRequest
 	ua := authSession.UserActLog
 
@@ -200,6 +202,7 @@ func LinkAuth_otp(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, "TooManyError, please login again", http.StatusBadRequest)
 			return
 		}
+		lockManager.loginStatus.Store(loginStatusKey, false) // 记录登录失败状态
 
 		base.Warn("OTP 动态码错误", username, r.RemoteAddr)
 		ua.Info = "OTP 动态码错误"

server/handler/server.go

@@ -114,7 +114,7 @@ func initRoute() http.Handler {
 	r.Handle("/", antiBruteForce(http.HandlerFunc(LinkAuth))).Methods(http.MethodPost)
 	r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)
 	r.HandleFunc("/otp_qr", LinkOtpQr).Methods(http.MethodGet)
-	r.HandleFunc("/otp-verification", LinkAuth_otp)
+	r.Handle("/otp-verification", antiBruteForce(http.HandlerFunc(LinkAuth_otp))).Methods(http.MethodPost)
 	r.HandleFunc(fmt.Sprintf("/profile_%s.xml", base.Cfg.ProfileName), func(w http.ResponseWriter, r *http.Request) {
 		b, _ := os.ReadFile(base.Cfg.Profile)
 		w.Write(b)

web/src/pages/user/List.vue

@@ -3,22 +3,13 @@
     <el-card>
       <el-form :inline="true">
         <el-form-item>
-          <el-button
+          <el-button size="small" type="primary" icon="el-icon-plus" @click="handleEdit('')">添加
-              size="small"
-              type="primary"
-              icon="el-icon-plus"
-              @click="handleEdit('')">添加
           </el-button>
         </el-form-item>
         <el-form-item>
           <el-dropdown size="small" placement="bottom">
-            <el-upload
+            <el-upload class="uploaduser" action="uploaduser" accept=".xlsx, .xls" :http-request="upLoadUser" :limit="1"
-                class="uploaduser"
+              :show-file-list="false">
-                action="uploaduser"
-                accept=".xlsx, .xls"
-                :http-request="upLoadUser"
-                :limit="1"
-                :show-file-list="false">
               <el-button size="small" icon="el-icon-upload2" type="primary">批量添加</el-button>
             </el-upload>
             <el-dropdown-menu slot="dropdown">
@@ -32,79 +23,45 @@
         </el-form-item>
         <el-form-item label="用户名或姓名或邮箱:">
           <el-input size="small" v-model="searchData" placeholder="请输入内容"
-                    @keydown.enter.native="searchEnterFun"></el-input>
+            @keydown.enter.native="searchEnterFun"></el-input>
         </el-form-item>
 
         <el-form-item>
-          <el-button
+          <el-button size="small" type="primary" icon="el-icon-search" @click="handleSearch()">搜索
-              size="small"
-              type="primary"
-              icon="el-icon-search"
-              @click="handleSearch()">搜索
           </el-button>
-          <el-button
+          <el-button size="small" icon="el-icon-refresh" @click="reset">重置搜索
-              size="small"
-              icon="el-icon-refresh"
-              @click="reset">重置搜索
           </el-button>
         </el-form-item>
       </el-form>
 
-      <el-table
+      <el-table ref="multipleTable" :data="tableData" border>
-          ref="multipleTable"
-          :data="tableData"
-          border>
 
-        <el-table-column
+        <el-table-column sortable="true" prop="id" label="ID" width="60">
-            sortable="true"
-            prop="id"
-            label="ID"
-            width="60">
         </el-table-column>
 
-        <el-table-column
+        <el-table-column prop="username" label="用户名" width="150">
-            prop="username"
-            label="用户名"
-            width="150">
         </el-table-column>
 
-        <el-table-column
+        <el-table-column prop="nickname" label="姓名" width="100">
-            prop="nickname"
-            label="姓名"
-            width="100">
         </el-table-column>
 
-        <el-table-column
+        <el-table-column prop="email" label="邮箱">
-            prop="email"
-            label="邮箱">
         </el-table-column>
-        <el-table-column
+        <el-table-column prop="otp_secret" label="OTP密钥" width="110">
-            prop="otp_secret"
-            label="OTP密钥"
-            width="110">
           <template slot-scope="scope">
-            <el-button
+            <el-button v-if="!scope.row.disable_otp" type="text" icon="el-icon-view" @click="getOtpImg(scope.row)">
-                v-if="!scope.row.disable_otp"
-                type="text"
-                icon="el-icon-view"
-                @click="getOtpImg(scope.row)">
               {{ scope.row.otp_secret.substring(0, 6) }}
             </el-button>
           </template>
         </el-table-column>
 
-        <el-table-column
+        <el-table-column prop="groups" label="用户组">
-            prop="groups"
-            label="用户组">
           <template slot-scope="scope">
             <el-row v-for="item in scope.row.groups" :key="item">{{ item }}</el-row>
           </template>
         </el-table-column>
 
-        <el-table-column
+        <el-table-column prop="status" label="状态" width="70">
-            prop="status"
-            label="状态"
-            width="70">
           <template slot-scope="scope">
             <el-tag v-if="scope.row.status === 1" type="success">可用</el-tag>
             <el-tag v-if="scope.row.status === 0" type="danger">停用</el-tag>
@@ -112,20 +69,12 @@
           </template>
         </el-table-column>
 
-        <el-table-column
+        <el-table-column prop="updated_at" label="更新时间" :formatter="tableDateFormat">
-            prop="updated_at"
-            label="更新时间"
-            :formatter="tableDateFormat">
         </el-table-column>
 
-        <el-table-column
+        <el-table-column label="操作" width="210">
-            label="操作"
-            width="210">
           <template slot-scope="scope">
-            <el-button
+            <el-button size="mini" type="primary" @click="handleEdit(scope.row)">编辑
-                size="mini"
-                type="primary"
-                @click="handleEdit(scope.row)">编辑
             </el-button>
 
             <!--            <el-popconfirm
@@ -139,14 +88,8 @@
                           </el-button>
                         </el-popconfirm>-->
 
-            <el-popconfirm
+            <el-popconfirm class="m-left-10" @confirm="handleDel(scope.row)" title="确定要删除用户吗？">
-                class="m-left-10"
+              <el-button slot="reference" size="mini" type="danger">删除
-                @confirm="handleDel(scope.row)"
-                title="确定要删除用户吗？">
-              <el-button
-                  slot="reference"
-                  size="mini"
-                  type="danger">删除
               </el-button>
             </el-popconfirm>
 
@@ -156,34 +99,20 @@
 
       <div class="sh-20"></div>
 
-      <el-pagination
+      <el-pagination background layout="prev, pager, next" :pager-count="11" @current-change="pageChange"
-          background
+        :current-page="page" :total="count">
-          layout="prev, pager, next"
-          :pager-count="11"
-          @current-change="pageChange"
-          :current-page="page"
-          :total="count">
       </el-pagination>
 
     </el-card>
 
-    <el-dialog
+    <el-dialog title="OTP密钥" :visible.sync="otpImgData.visible" width="350px" center>
-        title="OTP密钥"
-        :visible.sync="otpImgData.visible"
-        width="350px"
-        center>
       <div style="text-align: center">{{ otpImgData.username }} : {{ otpImgData.nickname }}</div>
-      <img :src="otpImgData.base64Img" alt="otp-img"/>
+      <img :src="otpImgData.base64Img" alt="otp-img" />
     </el-dialog>
 
     <!--新增、修改弹出框-->
-    <el-dialog
+    <el-dialog :close-on-click-modal="false" title="用户" :visible="user_edit_dialog" @close="disVisible" width="650px"
-        :close-on-click-modal="false"
+      center>
-        title="用户"
-        :visible="user_edit_dialog"
-        @close="disVisible"
-        width="650px"
-        center>
 
       <el-form :model="ruleForm" :rules="rules" ref="ruleForm" label-width="100px" class="ruleForm">
         <el-form-item label="用户ID" prop="id">
@@ -204,21 +133,13 @@
         </el-form-item>
 
         <el-form-item label="过期时间" prop="limittime">
-          <el-date-picker
+          <el-date-picker v-model="ruleForm.limittime" type="date" size="small" align="center" style="width:130px"
-              v-model="ruleForm.limittime"
+            :picker-options="pickerOptions" placeholder="选择日期">
-              type="date"
-              size="small"
-              align="center"
-              style="width:130px"
-              :picker-options="pickerOptions"
-              placeholder="选择日期">
           </el-date-picker>
         </el-form-item>
 
         <el-form-item label="禁用OTP" prop="disable_otp">
-          <el-switch
+          <el-switch v-model="ruleForm.disable_otp" active-text="开启OTP后，用户密码为PIN码,OTP密码为扫码后生成的动态码">
-              v-model="ruleForm.disable_otp"
-              active-text="开启OTP后，用户密码为【PIN码+OTP动态码】(中间没有+号)">
           </el-switch>
         </el-form-item>
 
@@ -233,8 +154,7 @@
         </el-form-item>
 
         <el-form-item label="发送邮件" prop="send_email">
-          <el-switch
+          <el-switch v-model="ruleForm.send_email">
-              v-model="ruleForm.send_email">
           </el-switch>
         </el-form-item>
 
@@ -286,7 +206,7 @@ export default {
         }
       },
       searchData: '',
-      otpImgData: {visible: false, username: '', nickname: '', base64Img: ''},
+      otpImgData: { visible: false, username: '', nickname: '', base64Img: '' },
       ruleForm: {
         send_email: true,
         status: 1,
@@ -294,30 +214,30 @@ export default {
       },
       rules: {
         username: [
-          {required: true, message: '请输入用户名', trigger: 'blur'},
+          { required: true, message: '请输入用户名', trigger: 'blur' },
-          {max: 50, message: '长度小于 50 个字符', trigger: 'blur'}
+          { max: 50, message: '长度小于 50 个字符', trigger: 'blur' }
         ],
         nickname: [
-          {required: true, message: '请输入用户姓名', trigger: 'blur'}
+          { required: true, message: '请输入用户姓名', trigger: 'blur' }
         ],
         email: [
-          {required: true, message: '请输入用户邮箱', trigger: 'blur'},
+          { required: true, message: '请输入用户邮箱', trigger: 'blur' },
-          {type: 'email', message: '请输入正确的邮箱地址', trigger: ['blur', 'change']}
+          { type: 'email', message: '请输入正确的邮箱地址', trigger: ['blur', 'change'] }
         ],
         password: [
-          {min: 6, message: '长度大于 6 个字符', trigger: 'blur'}
+          { min: 6, message: '长度大于 6 个字符', trigger: 'blur' }
         ],
         pin_code: [
-          {min: 6, message: 'PIN码大于 6 个字符', trigger: 'blur'}
+          { min: 6, message: 'PIN码大于 6 个字符', trigger: 'blur' }
         ],
         date1: [
-          {type: 'date', required: true, message: '请选择日期', trigger: 'change'}
+          { type: 'date', required: true, message: '请选择日期', trigger: 'change' }
         ],
         groups: [
-          {type: 'array', required: true, message: '请至少选择一个组', trigger: 'change'}
+          { type: 'array', required: true, message: '请至少选择一个组', trigger: 'change' }
         ],
         status: [
-          {required: true}
+          { required: true }
         ],
       },
     }
@@ -473,6 +393,4 @@ export default {
 }
 </script>
 
-<style scoped>
+<style scoped></style>
-
-</style>