yanyu/v2board
1
0
Fork 0
mirror of https://github.com/v2board/v2board.git synced 2025-11-01 01:41:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

update: config & custom password attack rule

Browse Source
This commit is contained in:
v2board
2022-12-20 01:45:21 +08:00
parent c8f3684312
commit 2fed7652fa
10 changed files with 54 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
app/Http/Controllers/Passport/AuthController.php
View File

@@ -189,10 +189,13 @@ class AuthController extends Controller
$email = $request->input('email');
$password = $request->input('password');
$passwordErrorCount = (int)Cache::get(CacheKey::get('PASSWORD_ERROR_LIMIT', $email), 0);
if ($passwordErrorCount >= 5) {
abort(500, __('There are too many password errors, please try again after 30 minutes.'));
if ((int)config('v2board.password_limit_enable', 1)) {
$passwordErrorCount = (int)Cache::get(CacheKey::get('PASSWORD_ERROR_LIMIT', $email), 0);
if ($passwordErrorCount >= (int)config('v2board.password_limit_count', 5)) {
abort(500, __('There are too many password errors, please try again after :minute minutes.', [
'minute' => config('v2board.password_limit_expire', 60)
]));
}
}
$user = User::where('email', $email)->first();
@@ -205,11 +208,13 @@ class AuthController extends Controller
$password,
$user->password)
) {
Cache::put(
CacheKey::get('PASSWORD_ERROR_LIMIT', $email),
(int)$passwordErrorCount + 1,
30 * 60
);
if ((int)config('v2board.password_limit_enable')) {
Cache::put(
CacheKey::get('PASSWORD_ERROR_LIMIT', $email),
(int)$passwordErrorCount + 1,
60 * (int)config('v2board.password_limit_expire', 60)
);
}
abort(500, __('Incorrect email or password'));
}