fix(middleware): 修复首次访问验证码逻辑

- 添加了文章页面访问路径的判断逻辑
- 修正了首次访问验证码检查条件，排除文章页面
- 优化

Author: csfwff

src/main/java/org/b3log/symphony/processor/middleware/AnonymousViewCheckMidware.java

@@ -175,7 +175,7 @@ public void handle(final RequestContext context) {
 
         final Request request = context.getRequest();
         final String requestURI = context.requestURI();
-        final boolean firstVisitArticle = requestURI.startsWith(Latkes.getContextPath() + "/article/");
+        final boolean firstVisitArticle = requestURI.startsWith("/article/");
         JSONObject currentUser = Sessions.getUser();
         try {
             currentUser = ApiProcessor.getUserByKey(context.param("apiKey"));

src/main/java/org/b3log/symphony/service/CronMgmtService.java

@@ -308,6 +308,19 @@ public void start() {
             }
         }, delay, 1 * 60 * 1000, TimeUnit.MILLISECONDS);
         delay += 2000;
+
+        // 清理防火墙计数过期桶，避免 Map/BANNED 长期膨胀
+        Symphonys.SCHEDULED_EXECUTOR_SERVICE.scheduleAtFixedRate(() -> {
+            try {
+                final long bucket = System.currentTimeMillis() / TimeUnit.MINUTES.toMillis(1);
+                org.b3log.symphony.util.Firewall.cleanupOldBuckets(bucket);
+            } catch (final Exception e) {
+                LOGGER.log(Level.ERROR, "Executes firewall cleanup failed", e);
+            } finally {
+                Stopwatchs.release();
+            }
+        }, delay, 5 * 60 * 1000, TimeUnit.MILLISECONDS);
+        delay += 2000;
     }
 
     /**

src/main/java/org/b3log/symphony/util/Firewall.java

@@ -28,6 +28,7 @@
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.LongAdder;
 
 /**
  * Lightweight CC firewall: if an IP exceeds {@link #THRESHOLD} requests within a minute, ban it via ipset.
@@ -87,7 +88,7 @@ public static boolean recordAndMaybeBan(final String ip) {
             if (existing == null || existing.bucket != nowBucket) {
                 return new Counter(nowBucket, 1);
             }
-            existing.count++;
+            existing.count.increment();
             return existing;
         });
 
@@ -96,7 +97,7 @@ public static boolean recordAndMaybeBan(final String ip) {
             cleanupOldBuckets(nowBucket);
         }
 
-        if (counter.count > threshold && BANNED.add(ip)) {
+        if (counter.count.sum() > threshold && BANNED.add(ip)) {
             // Run ban asynchronously on a virtual thread to keep request path light.
             Thread.startVirtualThread(() -> {
                 try {
@@ -114,7 +115,7 @@ public static boolean recordAndMaybeBan(final String ip) {
         return !BANNED.contains(ip);
     }
 
-    private static void cleanupOldBuckets(final long currentBucket) {
+    public static void cleanupOldBuckets(final long currentBucket) {
         COUNTERS.entrySet().removeIf(entry -> entry.getValue().bucket != currentBucket);
     }
 
@@ -150,11 +151,11 @@ public static int getDefaultThreshold() {
 
     private static final class Counter {
         private final long bucket;
-        private int count;
+        private final LongAdder count = new LongAdder();
 
         private Counter(final long bucket, final int count) {
             this.bucket = bucket;
-            this.count = count;
+            this.count.add(count);
         }
     }
 }