feat(chatroom): 添加 GenMetal功能并优化验证码发送逻辑

- 在 ChatroomProcessor 中添加 genMetal 方法，实现 GenMetal 图片生成功能
- 在 LoginProcessor 和 SettingsProcessor 中增加 verifySMSCodeLimiterOfIPLong 限制器，用于长时间尺度的 IP 验证码发送限制
- 更新验证码发送逻辑，增加多层限制以提高系统安全性
- 在 symphony.properties 中添加 gen.metal.url 配置项，指定 GenMetal 服务地址

Author: adlered

src/main/java/org/b3log/symphony/processor/ChatroomProcessor.java

@@ -18,6 +18,8 @@
  */
 package org.b3log.symphony.processor;
 
+import jodd.http.HttpRequest;
+import jodd.http.HttpResponse;
 import org.apache.commons.lang.RandomStringUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.time.DateFormatUtils;
@@ -216,6 +218,28 @@ public static void register() {
 
         Dispatcher.get("/chat-room/node/get", chatroomProcessor::getNode, loginCheck::handle);
         Dispatcher.post("/chat-room/node/push", chatroomProcessor::nodePush);
+
+        Dispatcher.get("/gen", chatroomProcessor::genMetal, loginCheck::handle);
+    }
+
+    public void genMetal(final RequestContext context) {
+        Set<String> params = context.getRequest().getParameterNames();
+        String paramString = "";
+        for (String param : params) {
+            paramString += param + "=" + context.getRequest().getParameter(param) + "&";
+        }
+        paramString = "?" + paramString.substring(0, paramString.length() - 1);
+        String genUrl = Symphonys.get("gen.metal.url") + paramString;
+        final HttpRequest req = HttpRequest.get(genUrl).header(Common.USER_AGENT, Symphonys.USER_AGENT_BOT);
+        final HttpResponse res = req.connectionTimeout(3000).timeout(5000).send();
+        res.close();
+        if (200 != res.statusCode()) {
+            context.sendError(500);
+            return;
+        }
+        String body = res.charset("utf-8").bodyText();
+        context.getResponse().setContentType("image/svg+xml");
+        context.getResponse().sendBytes(body.getBytes());
     }
 
     public void nodePush(final RequestContext context) {

src/main/java/org/b3log/symphony/processor/LoginProcessor.java

@@ -323,7 +323,7 @@ public void forgetPwd(final RequestContext context) {
             final String userId = user.optString(Keys.OBJECT_ID);
             final String ip = Requests.getRemoteAddr(context.getRequest());
             final String name = user.optString(User.USER_NAME);
-            if (verifySMSCodeLimiterOfIP.access(ip) && verifySMSCodeLimiterOfName.access(name) && verifySMSCodeLimiterOfPhone.access(phone)) {
+            if (verifySMSCodeLimiterOfIPLong.access(ip) && verifySMSCodeLimiterOfIP.access(ip) && verifySMSCodeLimiterOfName.access(name) && verifySMSCodeLimiterOfPhone.access(phone)) {
                 final String code = RandomStringUtils.randomNumeric(6);
                 if (!verifycodeMgmtService.sendVerifyCodeSMS(phone, code)) {
                     context.renderMsg("验证码发送失败，请稍候重试");
@@ -540,6 +540,7 @@ public void showRegister(final RequestContext context) {
      *
      * @param context the specified context
      */
+    public static SimpleCurrentLimiter verifySMSCodeLimiterOfIPLong = new SimpleCurrentLimiter(60 * 60 * 24, 3);
     public static SimpleCurrentLimiter verifySMSCodeLimiterOfIP = new SimpleCurrentLimiter(600, 2);
     public static SimpleCurrentLimiter verifySMSCodeLimiterOfName = new SimpleCurrentLimiter(600, 2);
     public static SimpleCurrentLimiter verifySMSCodeLimiterOfPhone = new SimpleCurrentLimiter(600, 2);
@@ -549,7 +550,7 @@ public void register(final RequestContext context) {
         final JSONObject requestJSONObject = context.getRequest().getJSON();
         final String name = requestJSONObject.optString(User.USER_NAME);
         final String userPhone = requestJSONObject.optString("userPhone");
-        if (verifySMSCodeLimiterOfIP.access(ip) && verifySMSCodeLimiterOfName.access(name) && verifySMSCodeLimiterOfPhone.access(userPhone)) {
+        if (verifySMSCodeLimiterOfIPLong.access(ip) && verifySMSCodeLimiterOfIP.access(ip) && verifySMSCodeLimiterOfName.access(name) && verifySMSCodeLimiterOfPhone.access(userPhone)) {
             final String invitecode = requestJSONObject.optString(Invitecode.INVITECODE);
 
             final JSONObject user = new JSONObject();

src/main/java/org/b3log/symphony/processor/SettingsProcessor.java

@@ -465,7 +465,7 @@ public void sendPhoneVC(final RequestContext context) {
             final String name = user.optString(User.USER_NAME);
             final String ip = Requests.getRemoteAddr(context.getRequest());
 
-            if (LoginProcessor.verifySMSCodeLimiterOfIP.access(ip) && LoginProcessor.verifySMSCodeLimiterOfName.access(name) && LoginProcessor.verifySMSCodeLimiterOfPhone.access(userPhone)) {
+            if (LoginProcessor.verifySMSCodeLimiterOfIPLong.access(ip) && LoginProcessor.verifySMSCodeLimiterOfIP.access(ip) && LoginProcessor.verifySMSCodeLimiterOfName.access(name) && LoginProcessor.verifySMSCodeLimiterOfPhone.access(userPhone)) {
                 final String code = RandomStringUtils.randomNumeric(6);
                 if (!verifycodeMgmtService.sendVerifyCodeSMS(userPhone, code)) {
                     context.renderMsg("验证码发送失败，请稍候重试");

src/main/resources/symphony.properties

@@ -357,4 +357,8 @@ pay.wechat.key=
 # Rhyus
 chatroom.node.url=ws://127.0.0.1:10831,\u6cb3\u5317\u4e00\u533a,1
 #ws://121.62.31.42:10831
-chatroom.node.adminKey=123456
+chatroom.node.adminKey=123456
+
+# GenMetal
+#gen.metal.url=http://10.0.8.4:5000/gen
+gen.metal.url=https://fishpi.cn/gen