|
|
|
|
|
package middleware
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"fmt"
|
|
|
|
|
|
"net/http"
|
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
|
|
"github.com/veypi/vbase/internal/cache"
|
|
|
|
|
|
"github.com/veypi/vigo"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
// RateLimiter 限流中间件
|
|
|
|
|
|
func RateLimiter(maxRequests int, window time.Duration) func(*vigo.X) (any, error) {
|
|
|
|
|
|
return func(x *vigo.X) (any, error) {
|
|
|
|
|
|
if !cache.IsEnabled() {
|
|
|
|
|
|
x.Next()
|
|
|
|
|
|
return nil, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 使用IP+路径作为标识
|
|
|
|
|
|
identifier := x.GetRemoteIP()
|
|
|
|
|
|
path := x.Request.URL.Path
|
|
|
|
|
|
|
|
|
|
|
|
count, err := cache.IncrRateLimit(identifier, path, window)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
x.Next() // 缓存失败时放行
|
|
|
|
|
|
return nil, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if count > int64(maxRequests) {
|
|
|
|
|
|
x.ResponseWriter().Header().Set("Retry-After", fmt.Sprintf("%d", int(window.Seconds())))
|
|
|
|
|
|
return nil, vigo.NewError("rate limit exceeded").WithCode(http.StatusTooManyRequests)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
x.Next()
|
|
|
|
|
|
return nil, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// RateLimiterByUser 基于用户的限流
|
|
|
|
|
|
func RateLimiterByUser(maxRequests int, window time.Duration) func(*vigo.X) (any, error) {
|
|
|
|
|
|
return func(x *vigo.X) (any, error) {
|
|
|
|
|
|
if !cache.IsEnabled() {
|
|
|
|
|
|
x.Next()
|
|
|
|
|
|
return nil, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
userID := CurrentUser(x)
|
|
|
|
|
|
if userID == "" {
|
|
|
|
|
|
// 未登录用户使用IP限流
|
|
|
|
|
|
_, err := RateLimiter(maxRequests, window)(x)
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
path := x.Request.URL.Path
|
|
|
|
|
|
count, err := cache.IncrRateLimit("user:"+userID, path, window)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
x.Next()
|
|
|
|
|
|
return nil, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if count > int64(maxRequests) {
|
|
|
|
|
|
x.ResponseWriter().Header().Set("Retry-After", fmt.Sprintf("%d", int(window.Seconds())))
|
|
|
|
|
|
return nil, vigo.NewError("rate limit exceeded").WithCode(http.StatusTooManyRequests)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
x.Next()
|
|
|
|
|
|
return nil, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// LoginRateLimit 登录限流(更严格)
|
|
|
|
|
|
func LoginRateLimit() func(*vigo.X) (any, error) {
|
|
|
|
|
|
return func(x *vigo.X) (any, error) {
|
|
|
|
|
|
if !cache.IsEnabled() {
|
|
|
|
|
|
x.Next()
|
|
|
|
|
|
return nil, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
identifier := x.GetRemoteIP()
|
|
|
|
|
|
key := "login_attempt:" + identifier
|
|
|
|
|
|
|
|
|
|
|
|
count, _ := cache.Incr(key)
|
|
|
|
|
|
if count == 1 {
|
|
|
|
|
|
cache.Expire(key, 15*time.Minute)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 5分钟内超过5次尝试,需要验证码
|
|
|
|
|
|
if count >= 5 {
|
|
|
|
|
|
x.Set("require_captcha", true)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 超过10次直接拒绝
|
|
|
|
|
|
if count >= 10 {
|
|
|
|
|
|
return nil, vigo.NewError("too many login attempts, please try again later").WithCode(http.StatusTooManyRequests)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
x.Next()
|
|
|
|
|
|
return nil, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// ResetLoginAttempts 重置登录尝试次数
|
|
|
|
|
|
func ResetLoginAttempts(x *vigo.X) {
|
|
|
|
|
|
if !cache.IsEnabled() {
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
identifier := x.GetRemoteIP()
|
|
|
|
|
|
key := "login_attempt:" + identifier
|
|
|
|
|
|
cache.Delete(key)
|
|
|
|
|
|
}
|
