yanyu/v2board
1
0
Fork 0
mirror of https://github.com/v2board/v2board.git synced 2025-08-01 21:09:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

update: prevention of blasting

Browse Source
This commit is contained in:
v2board
2023-06-24 23:00:02 +08:00
parent 61f1d8a623
commit 757e605921
4 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/V1/Passport/AuthController.php
View File

@ -286,7 +286,11 @@ class AuthController extends Controller
public function forget(AuthForget $request)
{
$forgetRequestLimitKey = CacheKey::get('FORGET_REQUEST_LIMIT', $request->input('email'));
$forgetRequestLimit = (int)Cache::get($forgetRequestLimitKey);
if ($forgetRequestLimit >= 3) abort(500, __('Reset failed, Please try again later'));
if ((string)Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== (string)$request->input('email_code')) {
Cache::put($forgetRequestLimitKey, $forgetRequestLimit ? $forgetRequestLimit + 1 : 1, 300);
abort(500, __('Incorrect email verification code'));
}
$user = User::where('email', $request->input('email'))->first();

3
app/Utils/CacheKey.php
View File

@ -25,7 +25,8 @@ class CacheKey
'REGISTER_IP_RATE_LIMIT' => '注册频率限制',
'LAST_SEND_LOGIN_WITH_MAIL_LINK_TIMESTAMP' => '最后一次发送登入链接时间',
'PASSWORD_ERROR_LIMIT' => '密码错误次数限制',
'USER_SESSIONS' => '用户session'
'USER_SESSIONS' => '用户session',
'FORGET_REQUEST_LIMIT' => '找回密码次数限制'
];
public static function get(string $key, $uniqueValue)