Merge pull request from GHSA-c69x-5xmw-v44x

* feat: limit too many login request

* fix: fix error rate limit

---------

Signed-off-by: CorrectRoadH <a778917369@gmail.com>
CorrectRoadH 2024-02-05 14:15:00 +08:00 committed by GitHub
parent c75063d7ca
commit 62006f61b5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 1 deletions

2
go.mod

@ -15,6 +15,7 @@ require (
github.com/tidwall/gjson v1.14.4
go.uber.org/zap v1.24.0
golang.org/x/net v0.17.0
golang.org/x/time v0.3.0
gopkg.in/ini.v1 v1.67.0
gorm.io/gorm v1.25.0
)
@ -75,7 +76,6 @@ require (
golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 // indirect
golang.org/x/sys v0.14.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
google.golang.org/protobuf v1.30.0 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect


@ -32,6 +32,7 @@ import (
uuid "github.com/satori/go.uuid"
"github.com/tidwall/gjson"
"go.uber.org/zap"
"golang.org/x/time/rate"
"github.com/IceWhaleTech/CasaOS-UserService/service"
"github.com/gin-gonic/gin"
@ -84,6 +85,8 @@ func PostUserRegister(c *gin.Context) {
c.JSON(common_err.SUCCESS, model.Result{Success: common_err.SUCCESS, Message: common_err.GetMsg(common_err.SUCCESS)})
}
var limiter = rate.NewLimiter(rate.Every(time.Minute), 5)
// @Summary login
// @Produce application/json
// @Accept application/json
@ -93,6 +96,16 @@ func PostUserRegister(c *gin.Context) {
// @Success 200 {string} string "ok"
// @Router /user/login [post]
func PostUserLogin(c *gin.Context) {
if !limiter.Allow() {
c.JSON(common_err.TOO_MANY_REQUEST,
model.Result{
Success: common_err.TOO_MANY_LOGIN_REQUESTS,
Message: common_err.GetMsg(common_err.TOO_MANY_LOGIN_REQUESTS),
})
return
}
json := make(map[string]string)
c.ShouldBind(&json)
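Review bot: `limiter` is a single package-level token bucket, so the `limiter.Allow()` guard at the top of `PostUserLogin` counts every caller's attempts together: with a burst of 5 refilled at one token per minute, a few requests from any one client also produce the TOO_MANY_LOGIN_REQUESTS response for legitimate users, and the limit is not bound to a source address or an account. Keying the bucket per client (and ideally per username as well) keeps the brute-force limit without turning it into a login lockout for everyone; a sketch follows. It relies on `c.ClientIP()`, which is only trustworthy when gin's trusted-proxy list is configured for the deployment, and the map needs expiry of idle entries so it cannot grow without bound. The body of `PostUserLogin` continues past the end of the hunk.

```go
// One token bucket per client address instead of a single shared one.
// NOTE: idle entries must be evicted (e.g. by a periodic sweep) to bound memory.
var (
	loginLimitersMu sync.Mutex
	loginLimiters   = make(map[string]*rate.Limiter)
)

// loginLimiterFor returns the limiter for key, creating it on first use.
func loginLimiterFor(key string) *rate.Limiter {
	loginLimitersMu.Lock()
	defer loginLimitersMu.Unlock()

	l, ok := loginLimiters[key]
	if !ok {
		l = rate.NewLimiter(rate.Every(time.Minute), 5)
		loginLimiters[key] = l
	}
	return l
}

func PostUserLogin(c *gin.Context) {
	if !loginLimiterFor(c.ClientIP()).Allow() {
		// … unchanged: TOO_MANY_LOGIN_REQUESTS response and return …
	}
	// … unchanged: request binding and credential check …
```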