Home Explore Help
Register Sign In
Apq
/
v2board
mirror of https://github.com/v2board/v2board.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

update: prevention of blasting

v2board 2 years ago
parent
61f1d8a623
commit
757e605921
4 changed files with 10 additions and 3 deletions
Split View Show Diff Stats
  1. 4 0
      app/Http/Controllers/V1/Passport/AuthController.php
  2. 2 1
      app/Utils/CacheKey.php
  3. 2 1
      resources/lang/en-US.json
  4. 2 1
      resources/lang/zh-CN.json

+ 4 - 0
app/Http/Controllers/V1/Passport/AuthController.php
View File 

@@ -286,7 +286,11 @@ class AuthController extends Controller
 
 
     public function forget(AuthForget $request)
 
     {
 
+        $forgetRequestLimitKey = CacheKey::get('FORGET_REQUEST_LIMIT', $request->input('email'));
 
+        $forgetRequestLimit = (int)Cache::get($forgetRequestLimitKey);
 
+        if ($forgetRequestLimit >= 3) abort(500, __('Reset failed, Please try again later'));
 
         if ((string)Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== (string)$request->input('email_code')) {
 
+            Cache::put($forgetRequestLimitKey, $forgetRequestLimit ? $forgetRequestLimit + 1 : 1, 300);
 
             abort(500, __('Incorrect email verification code'));
 
         }
 
         $user = User::where('email', $request->input('email'))->first();

+ 2 - 1
app/Utils/CacheKey.php
View File 

@@ -25,7 +25,8 @@ class CacheKey
 
         'REGISTER_IP_RATE_LIMIT' => '注册频率限制',
 
         'LAST_SEND_LOGIN_WITH_MAIL_LINK_TIMESTAMP' => '最后一次发送登入链接时间',
 
         'PASSWORD_ERROR_LIMIT' => '密码错误次数限制',
 
-        'USER_SESSIONS' => '用户session'
 
+        'USER_SESSIONS' => '用户session',
 
+        'FORGET_REQUEST_LIMIT' => '找回密码次数限制'
 
     ];
 
 
     public static function get(string $key, $uniqueValue)

+ 2 - 1
resources/lang/en-US.json
View File 

@@ -94,5 +94,6 @@
 
     "Login to :name": "Login to :name",
 
     "Sending frequently, please try again later": "Sending frequently, please try again later",
 
     "Current product is sold out": "Current product is sold out",
 
-    "There are too many password errors, please try again after :minute minutes.": "There are too many password errors, please try again after :minute minutes."
 
+    "There are too many password errors, please try again after :minute minutes.": "There are too many password errors, please try again after :minute minutes.",
 
+    "Reset failed, Please try again later": "Reset failed, Please try again later"
 
 }

+ 2 - 1
resources/lang/zh-CN.json
View File 

@@ -94,5 +94,6 @@
 
     "Login to :name": "登入到 :name",
 
     "Sending frequently, please try again later": "发送频繁,请稍后再试",
 
     "Current product is sold out": "当前商品已售罄",
 
-    "There are too many password errors, please try again after :minute minutes.": "密码错误次数过多,请 :minute 分钟后再试"
 
+    "There are too many password errors, please try again after :minute minutes.": "密码错误次数过多,请 :minute 分钟后再试",
 
+    "Reset failed, Please try again later": "重置失败,请稍后再试"
 
 }