update: config & custom password attack rule

2024-11-10 09:39:10 +08:00 · 2022-12-20 01:45:21 +08:00 · 2022-12-20 01:45:21 +08:00 · 2fed7652fa
commit 2fed7652fa
parent c8f3684312
10 changed files with 54 additions and 40 deletions
--- a/app/Http/Controllers/Admin/ConfigController.php
+++ b/app/Http/Controllers/Admin/ConfigController.php
@ -87,7 +87,6 @@ class ConfigController extends Controller
            'site' => [
                'logo' => config('v2board.logo'),
                'force_https' => (int)config('v2board.force_https', 0),
-                'safe_mode_enable' => (int)config('v2board.safe_mode_enable', 0),
                'stop_register' => (int)config('v2board.stop_register', 0),
                'email_verify' => (int)config('v2board.email_verify', 0),
                'app_name' => config('v2board.app_name', 'V2Board'),
@ -96,19 +95,9 @@ class ConfigController extends Controller
                'subscribe_url' => config('v2board.subscribe_url'),
                'try_out_plan_id' => (int)config('v2board.try_out_plan_id', 0),
                'try_out_hour' => (int)config('v2board.try_out_hour', 1),
-                'email_whitelist_enable' => (int)config('v2board.email_whitelist_enable', 0),
-                'email_whitelist_suffix' => config('v2board.email_whitelist_suffix', Dict::EMAIL_WHITELIST_SUFFIX_DEFAULT),
-                'email_gmail_limit_enable' => config('v2board.email_gmail_limit_enable', 0),
-                'recaptcha_enable' => (int)config('v2board.recaptcha_enable', 0),
-                'recaptcha_key' => config('v2board.recaptcha_key'),
-                'recaptcha_site_key' => config('v2board.recaptcha_site_key'),
                'tos_url' => config('v2board.tos_url'),
                'currency' => config('v2board.currency', 'CNY'),
                'currency_symbol' => config('v2board.currency_symbol', '¥'),
-                'register_limit_by_ip_enable' => (int)config('v2board.register_limit_by_ip_enable', 0),
-                'register_limit_count' => config('v2board.register_limit_count', 3),
-                'register_limit_expire' => config('v2board.register_limit_expire', 60),
-                'secure_path' => config('v2board.secure_path', config('v2board.frontend_admin_path', hash('crc32b', config('app.key'))))
            ],
            'subscribe' => [
                'plan_change_enable' => (int)config('v2board.plan_change_enable', 1),
@ -152,6 +141,22 @@ class ConfigController extends Controller
                'macos_download_url' => config('v2board.macos_download_url'),
                'android_version' => config('v2board.android_version'),
                'android_download_url' => config('v2board.android_download_url')
+            ],
+            'safe' => [
+                'safe_mode_enable' => (int)config('v2board.safe_mode_enable', 0),
+                'secure_path' => config('v2board.secure_path', config('v2board.frontend_admin_path', hash('crc32b', config('app.key')))),
+                'email_whitelist_enable' => (int)config('v2board.email_whitelist_enable', 0),
+                'email_whitelist_suffix' => config('v2board.email_whitelist_suffix', Dict::EMAIL_WHITELIST_SUFFIX_DEFAULT),
+                'email_gmail_limit_enable' => config('v2board.email_gmail_limit_enable', 0),
+                'recaptcha_enable' => (int)config('v2board.recaptcha_enable', 0),
+                'recaptcha_key' => config('v2board.recaptcha_key'),
+                'recaptcha_site_key' => config('v2board.recaptcha_site_key'),
+                'register_limit_by_ip_enable' => (int)config('v2board.register_limit_by_ip_enable', 0),
+                'register_limit_count' => config('v2board.register_limit_count', 3),
+                'register_limit_expire' => config('v2board.register_limit_expire', 60),
+                'password_limit_enable' => (int)config('v2board.password_limit_enable', 1),
+                'password_limit_count' => config('v2board.password_limit_count', 5),
+                'password_limit_expire' => config('v2board.password_limit_expire', 60)
            ]
        ];
        if ($key && isset($data[$key])) {
--- a/app/Http/Controllers/Passport/AuthController.php
+++ b/app/Http/Controllers/Passport/AuthController.php
@ -189,10 +189,13 @@ class AuthController extends Controller
        $email = $request->input('email');
        $password = $request->input('password');

+        if ((int)config('v2board.password_limit_enable', 1)) {
            $passwordErrorCount = (int)Cache::get(CacheKey::get('PASSWORD_ERROR_LIMIT', $email), 0);
-
-        if ($passwordErrorCount >= 5) {
-            abort(500, __('There are too many password errors, please try again after 30 minutes.'));
+            if ($passwordErrorCount >= (int)config('v2board.password_limit_count', 5)) {
+                abort(500, __('There are too many password errors, please try again after :minute minutes.', [
+                    'minute' => config('v2board.password_limit_expire', 60)
+                ]));
+            }
        }

        $user = User::where('email', $email)->first();
@ -205,11 +208,13 @@ class AuthController extends Controller
            $password,
            $user->password)
        ) {
+            if ((int)config('v2board.password_limit_enable')) {
                Cache::put(
                    CacheKey::get('PASSWORD_ERROR_LIMIT', $email),
                    (int)$passwordErrorCount + 1,
-                30 * 60
+                    60 * (int)config('v2board.password_limit_expire', 60)
                );
+            }
            abort(500, __('Incorrect email or password'));
        }

--- a/app/Http/Requests/Admin/ConfigSave.php
+++ b/app/Http/Requests/Admin/ConfigSave.php
@ -24,9 +24,7 @@ class ConfigSave extends FormRequest
        // site
        'logo' => 'nullable|url',
        'force_https' => 'in:0,1',
-        'safe_mode_enable' => 'in:0,1',
        'stop_register' => 'in:0,1',
-        'email_verify' => 'in:0,1',
        'app_name' => '',
        'app_description' => '',
        'app_url' => 'nullable|url',
@ -34,19 +32,9 @@ class ConfigSave extends FormRequest
        'try_out_enable' => 'in:0,1',
        'try_out_plan_id' => 'integer',
        'try_out_hour' => 'numeric',
-        'email_whitelist_enable' => 'in:0,1',
-        'email_whitelist_suffix' => 'nullable|array',
-        'email_gmail_limit_enable' => 'in:0,1',
-        'recaptcha_enable' => 'in:0,1',
-        'recaptcha_key' => '',
-        'recaptcha_site_key' => '',
        'tos_url' => 'nullable|url',
        'currency' => '',
        'currency_symbol' => '',
-        'register_limit_by_ip_enable' => 'in:0,1',
-        'register_limit_count' => 'integer',
-        'register_limit_expire' => 'integer',
-        'secure_path' => 'min:8|regex:/^[\w-]*$/',
        // subscribe
        'plan_change_enable' => 'in:0,1',
        'reset_traffic_method' => 'in:0,1,2,3,4',
@ -85,7 +73,23 @@ class ConfigSave extends FormRequest
        'macos_version' => '',
        'macos_download_url' => '',
        'android_version' => '',
-        'android_download_url' => ''
+        'android_download_url' => '',
+        // safe
+        'email_whitelist_enable' => 'in:0,1',
+        'email_whitelist_suffix' => 'nullable|array',
+        'email_gmail_limit_enable' => 'in:0,1',
+        'recaptcha_enable' => 'in:0,1',
+        'recaptcha_key' => '',
+        'recaptcha_site_key' => '',
+        'email_verify' => 'in:0,1',
+        'safe_mode_enable' => 'in:0,1',
+        'register_limit_by_ip_enable' => 'in:0,1',
+        'register_limit_count' => 'integer',
+        'register_limit_expire' => 'integer',
+        'secure_path' => 'min:8|regex:/^[\w-]*$/',
+        'password_limit_enable' => 'in:0,1',
+        'password_limit_count' => 'integer',
+        'password_limit_expire' => 'integer',
    ];
    /**
     * Get the validation rules that apply to the request.
--- a/config/app.php
+++ b/config/app.php
@ -237,5 +237,5 @@ return [
    | The only modification by laravel config
    |
    */
-    'version' => '1.7.2.1671294313058'
+    'version' => '1.7.2.1671471846226'
 ];
--- a/public/assets/admin/components.async.js
+++ b/public/assets/admin/components.async.js
--- a/public/assets/admin/components.chunk.css
+++ b/public/assets/admin/components.chunk.css
--- a/public/assets/admin/umi.js
+++ b/public/assets/admin/umi.js
--- a/public/assets/admin/vendors.async.js
+++ b/public/assets/admin/vendors.async.js
--- a/resources/lang/en-US.json
+++ b/resources/lang/en-US.json
@ -94,5 +94,5 @@
    "Login to :name": "Login to :name",
    "Sending frequently, please try again later": "Sending frequently, please try again later",
    "Current product is sold out": "Current product is sold out",
-    "There are too many password errors, please try again after 30 minutes.": "There are too many password errors, please try again after 30 minutes."
+    "There are too many password errors, please try again after :minute minutes.": "There are too many password errors, please try again after :minute minutes."
 }
--- a/resources/lang/zh-CN.json
+++ b/resources/lang/zh-CN.json
@ -94,5 +94,5 @@
    "Login to :name": "登入到 :name",
    "Sending frequently, please try again later": "发送频繁，请稍后再试",
    "Current product is sold out": "当前商品已售罄",
-    "There are too many password errors, please try again after 30 minutes.": "密码错误次数过多，请 30 分钟后再试"
+    "There are too many password errors, please try again after :minute minutes.": "密码错误次数过多，请 :minute 分钟后再试"
 }