yanyu/v2board
1
0
Fork 0
mirror of https://github.com/v2board/v2board.git synced 2025-01-10 08:09:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

update: config & custom password attack rule

Browse Source
This commit is contained in:
v2board 2022-12-20 01:45:21 +08:00
parent c8f3684312
commit 2fed7652fa
10 changed files with 54 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
app/Http/Controllers/Admin/ConfigController.php
View File

@ -87,7 +87,6 @@ class ConfigController extends Controller
'site' => [ 'site' => [
'logo' => config('v2board.logo'), 'logo' => config('v2board.logo'),
'force_https' => (int)config('v2board.force_https', 0), 'force_https' => (int)config('v2board.force_https', 0),
'safe_mode_enable' => (int)config('v2board.safe_mode_enable', 0),
'stop_register' => (int)config('v2board.stop_register', 0), 'stop_register' => (int)config('v2board.stop_register', 0),
'email_verify' => (int)config('v2board.email_verify', 0), 'email_verify' => (int)config('v2board.email_verify', 0),
'app_name' => config('v2board.app_name', 'V2Board'), 'app_name' => config('v2board.app_name', 'V2Board'),
@ -96,19 +95,9 @@ class ConfigController extends Controller
'subscribe_url' => config('v2board.subscribe_url'), 'subscribe_url' => config('v2board.subscribe_url'),
'try_out_plan_id' => (int)config('v2board.try_out_plan_id', 0), 'try_out_plan_id' => (int)config('v2board.try_out_plan_id', 0),
'try_out_hour' => (int)config('v2board.try_out_hour', 1), 'try_out_hour' => (int)config('v2board.try_out_hour', 1),
'email_whitelist_enable' => (int)config('v2board.email_whitelist_enable', 0),
'email_whitelist_suffix' => config('v2board.email_whitelist_suffix', Dict::EMAIL_WHITELIST_SUFFIX_DEFAULT),
'email_gmail_limit_enable' => config('v2board.email_gmail_limit_enable', 0),
'recaptcha_enable' => (int)config('v2board.recaptcha_enable', 0),
'recaptcha_key' => config('v2board.recaptcha_key'),
'recaptcha_site_key' => config('v2board.recaptcha_site_key'),
'tos_url' => config('v2board.tos_url'), 'tos_url' => config('v2board.tos_url'),
'currency' => config('v2board.currency', 'CNY'), 'currency' => config('v2board.currency', 'CNY'),
'currency_symbol' => config('v2board.currency_symbol', '¥'), 'currency_symbol' => config('v2board.currency_symbol', '¥'),
'register_limit_by_ip_enable' => (int)config('v2board.register_limit_by_ip_enable', 0),
'register_limit_count' => config('v2board.register_limit_count', 3),
'register_limit_expire' => config('v2board.register_limit_expire', 60),
'secure_path' => config('v2board.secure_path', config('v2board.frontend_admin_path', hash('crc32b', config('app.key'))))
], ],
'subscribe' => [ 'subscribe' => [
'plan_change_enable' => (int)config('v2board.plan_change_enable', 1), 'plan_change_enable' => (int)config('v2board.plan_change_enable', 1),
@ -152,6 +141,22 @@ class ConfigController extends Controller
'macos_download_url' => config('v2board.macos_download_url'), 'macos_download_url' => config('v2board.macos_download_url'),
'android_version' => config('v2board.android_version'), 'android_version' => config('v2board.android_version'),
'android_download_url' => config('v2board.android_download_url') 'android_download_url' => config('v2board.android_download_url')
],
'safe' => [
'safe_mode_enable' => (int)config('v2board.safe_mode_enable', 0),
'secure_path' => config('v2board.secure_path', config('v2board.frontend_admin_path', hash('crc32b', config('app.key')))),
'email_whitelist_enable' => (int)config('v2board.email_whitelist_enable', 0),
'email_whitelist_suffix' => config('v2board.email_whitelist_suffix', Dict::EMAIL_WHITELIST_SUFFIX_DEFAULT),
'email_gmail_limit_enable' => config('v2board.email_gmail_limit_enable', 0),
'recaptcha_enable' => (int)config('v2board.recaptcha_enable', 0),
'recaptcha_key' => config('v2board.recaptcha_key'),
'recaptcha_site_key' => config('v2board.recaptcha_site_key'),
'register_limit_by_ip_enable' => (int)config('v2board.register_limit_by_ip_enable', 0),
'register_limit_count' => config('v2board.register_limit_count', 3),
'register_limit_expire' => config('v2board.register_limit_expire', 60),
'password_limit_enable' => (int)config('v2board.password_limit_enable', 1),
'password_limit_count' => config('v2board.password_limit_count', 5),
'password_limit_expire' => config('v2board.password_limit_expire', 60)
] ]
]; ];
if ($key && isset($data[$key])) { if ($key && isset($data[$key])) {

23
app/Http/Controllers/Passport/AuthController.php
View File

@ -189,10 +189,13 @@ class AuthController extends Controller
$email = $request->input('email'); $email = $request->input('email');
$password = $request->input('password'); $password = $request->input('password');
$passwordErrorCount = (int)Cache::get(CacheKey::get('PASSWORD_ERROR_LIMIT', $email), 0); if ((int)config('v2board.password_limit_enable', 1)) {
$passwordErrorCount = (int)Cache::get(CacheKey::get('PASSWORD_ERROR_LIMIT', $email), 0);
if ($passwordErrorCount >= 5) { if ($passwordErrorCount >= (int)config('v2board.password_limit_count', 5)) {
abort(500, __('There are too many password errors, please try again after 30 minutes.')); abort(500, __('There are too many password errors, please try again after :minute minutes.', [
'minute' => config('v2board.password_limit_expire', 60)
]));
}
} }
$user = User::where('email', $email)->first(); $user = User::where('email', $email)->first();
@ -205,11 +208,13 @@ class AuthController extends Controller
$password, $password,
$user->password) $user->password)
) { ) {
Cache::put( if ((int)config('v2board.password_limit_enable')) {
CacheKey::get('PASSWORD_ERROR_LIMIT', $email), Cache::put(
(int)$passwordErrorCount + 1, CacheKey::get('PASSWORD_ERROR_LIMIT', $email),
30 * 60 (int)$passwordErrorCount + 1,
); 60 * (int)config('v2board.password_limit_expire', 60)
);
}
abort(500, __('Incorrect email or password')); abort(500, __('Incorrect email or password'));
} }

30
app/Http/Requests/Admin/ConfigSave.php
View File

@ -24,9 +24,7 @@ class ConfigSave extends FormRequest
// site // site
'logo' => 'nullable|url', 'logo' => 'nullable|url',
'force_https' => 'in:0,1', 'force_https' => 'in:0,1',
'safe_mode_enable' => 'in:0,1',
'stop_register' => 'in:0,1', 'stop_register' => 'in:0,1',
'email_verify' => 'in:0,1',
'app_name' => '', 'app_name' => '',
'app_description' => '', 'app_description' => '',
'app_url' => 'nullable|url', 'app_url' => 'nullable|url',
@ -34,19 +32,9 @@ class ConfigSave extends FormRequest
'try_out_enable' => 'in:0,1', 'try_out_enable' => 'in:0,1',
'try_out_plan_id' => 'integer', 'try_out_plan_id' => 'integer',
'try_out_hour' => 'numeric', 'try_out_hour' => 'numeric',
'email_whitelist_enable' => 'in:0,1',
'email_whitelist_suffix' => 'nullable|array',
'email_gmail_limit_enable' => 'in:0,1',
'recaptcha_enable' => 'in:0,1',
'recaptcha_key' => '',
'recaptcha_site_key' => '',
'tos_url' => 'nullable|url', 'tos_url' => 'nullable|url',
'currency' => '', 'currency' => '',
'currency_symbol' => '', 'currency_symbol' => '',
'register_limit_by_ip_enable' => 'in:0,1',
'register_limit_count' => 'integer',
'register_limit_expire' => 'integer',
'secure_path' => 'min:8|regex:/^[\w-]*$/',
// subscribe // subscribe
'plan_change_enable' => 'in:0,1', 'plan_change_enable' => 'in:0,1',
'reset_traffic_method' => 'in:0,1,2,3,4', 'reset_traffic_method' => 'in:0,1,2,3,4',
@ -85,7 +73,23 @@ class ConfigSave extends FormRequest
'macos_version' => '', 'macos_version' => '',
'macos_download_url' => '', 'macos_download_url' => '',
'android_version' => '', 'android_version' => '',
'android_download_url' => '' 'android_download_url' => '',
// safe
'email_whitelist_enable' => 'in:0,1',
'email_whitelist_suffix' => 'nullable|array',
'email_gmail_limit_enable' => 'in:0,1',
'recaptcha_enable' => 'in:0,1',
'recaptcha_key' => '',
'recaptcha_site_key' => '',
'email_verify' => 'in:0,1',
'safe_mode_enable' => 'in:0,1',
'register_limit_by_ip_enable' => 'in:0,1',
'register_limit_count' => 'integer',
'register_limit_expire' => 'integer',
'secure_path' => 'min:8|regex:/^[\w-]*$/',
'password_limit_enable' => 'in:0,1',
'password_limit_count' => 'integer',
'password_limit_expire' => 'integer',
]; ];
/** /**
* Get the validation rules that apply to the request. * Get the validation rules that apply to the request.

2
config/app.php
View File

@ -237,5 +237,5 @@ return [
| The only modification by laravel config | The only modification by laravel config
| |
*/ */
'version' => '1.7.2.1671294313058' 'version' => '1.7.2.1671471846226'
]; ];

2
public/assets/admin/components.async.js vendored
View File

File diff suppressed because one or more lines are too long

2
public/assets/admin/components.chunk.css vendored
View File

File diff suppressed because one or more lines are too long

2
public/assets/admin/umi.js vendored
View File

File diff suppressed because one or more lines are too long

2
public/assets/admin/vendors.async.js vendored
View File

File diff suppressed because one or more lines are too long

2
resources/lang/en-US.json
View File

@ -94,5 +94,5 @@
"Login to :name": "Login to :name", "Login to :name": "Login to :name",
"Sending frequently, please try again later": "Sending frequently, please try again later", "Sending frequently, please try again later": "Sending frequently, please try again later",
"Current product is sold out": "Current product is sold out", "Current product is sold out": "Current product is sold out",
"There are too many password errors, please try again after 30 minutes.": "There are too many password errors, please try again after 30 minutes." "There are too many password errors, please try again after :minute minutes.": "There are too many password errors, please try again after :minute minutes."
} }

2
resources/lang/zh-CN.json
View File

@ -94,5 +94,5 @@
"Login to :name": "登入到 :name", "Login to :name": "登入到 :name",
"Sending frequently, please try again later": "发送频繁,请稍后再试", "Sending frequently, please try again later": "发送频繁,请稍后再试",
"Current product is sold out": "当前商品已售罄", "Current product is sold out": "当前商品已售罄",
"There are too many password errors, please try again after 30 minutes.": "密码错误次数过多,请 30 分钟后再试" "There are too many password errors, please try again after :minute minutes.": "密码错误次数过多,请 :minute 分钟后再试"
} }