feat: 增加登录错误限制

universero · universero · commit 7f4112c0e364 · 2025-10-30T17:49:59.000+08:00
diff --git a/biz/application/basicuser/basic_user.go b/biz/application/basicuser/basic_user.go
@@ -2,6 +2,8 @@ package basicuser
 
 import (
 	"context"
+	"fmt"
+	"strconv"
 
 	model "github.com/xh-polaris/synapse/biz/api/model/basicuser"
 	"github.com/xh-polaris/synapse/biz/application/base/token"
@@ -10,9 +12,11 @@ import (
 	"github.com/xh-polaris/synapse/biz/conf"
 	"github.com/xh-polaris/synapse/biz/domain/basicuser/entity"
 	basicuser "github.com/xh-polaris/synapse/biz/domain/basicuser/service"
+	"github.com/xh-polaris/synapse/biz/infra/contract/risk"
 	"github.com/xh-polaris/synapse/biz/infra/contract/sms"
 	ctxcache "github.com/xh-polaris/synapse/biz/pkg/ctxcache/ctx_cache"
 	"github.com/xh-polaris/synapse/biz/pkg/errorx"
+	"github.com/xh-polaris/synapse/biz/pkg/logs"
 	"github.com/xh-polaris/synapse/biz/types/cst"
 	"github.com/xh-polaris/synapse/biz/types/errno"
 )
@@ -69,11 +73,23 @@ func (s *BasicUserService) RegisterNewBasicUser(ctx context.Context, req *model.
 }
 
 func (s *BasicUserService) validPhoneVerify(ctx context.Context, app, phone, code string) error {
+	// 判断是否到上限
+	key := fmt.Sprintf("risk:login:passport:%s", phone)
+	limit, _, err := risk.CheckUpperLimit(ctx, key, conf.GetConfig().Token.MaxInPeriod)
+	if err != nil {
+		return err
+	}
+	if limit { // 达到上限, 不允许校验
+		return errorx.New(errno.TooOftenLoginError, errorx.KV("period", strconv.Itoa(conf.GetConfig().SMS.Period/60)))
+	}
 	ok, err := s.sms.Check(ctx, app, "passport", phone, code)
 	if err != nil {
 		return err
 	}
 	if !ok {
+		if err = risk.AddOnce(ctx, key, conf.GetConfig().Token.Period); err != nil {
+			logs.Errorf("record send verify err:%s", err)
+		}
 		return errorx.New(errno.ErrVerifyCode)
 	}
 	return err
diff --git a/biz/conf/token.go b/biz/conf/token.go
@@ -7,9 +7,11 @@ import (
 )
 
 type Token struct {
-	PublicKey string
-	SecretKey string
-	Expire    int64
+	PublicKey   string
+	SecretKey   string
+	Expire      int64
+	Period      int // 重试周期
+	MaxInPeriod int // 重试周期内最多登录失败次数
 }
 
 func GetSecretKey(sk string) (*rsa.PrivateKey, error) {
diff --git a/biz/domain/basicuser/service/basic_user_impl.go b/biz/domain/basicuser/service/basic_user_impl.go
@@ -2,15 +2,20 @@ package service
 
 import (
 	"context"
+	"fmt"
+	"strconv"
 	"time"
 
 	"github.com/bytedance/sonic"
+	"github.com/xh-polaris/synapse/biz/conf"
 	"github.com/xh-polaris/synapse/biz/domain/basicuser/dal/model"
 	"github.com/xh-polaris/synapse/biz/domain/basicuser/entity"
 	"github.com/xh-polaris/synapse/biz/domain/basicuser/repo"
 	"github.com/xh-polaris/synapse/biz/infra/contract/id"
+	"github.com/xh-polaris/synapse/biz/infra/contract/risk"
 	"github.com/xh-polaris/synapse/biz/pkg/errorx"
 	"github.com/xh-polaris/synapse/biz/pkg/lang/crypt"
+	"github.com/xh-polaris/synapse/biz/pkg/logs"
 	"github.com/xh-polaris/synapse/biz/types/cst"
 	"github.com/xh-polaris/synapse/biz/types/errno"
 )
@@ -38,10 +43,21 @@ func (i *userImpl) LoginByPhone(ctx context.Context, requirePassword bool, phone
 		return nil, errorx.New(errno.PhoneNotExisted)
 	}
 	if requirePassword {
+		key := fmt.Sprintf("risk:login:passport:%s", phone)
+		limit, _, err := risk.CheckUpperLimit(ctx, key, conf.GetConfig().Token.MaxInPeriod)
+		if err != nil {
+			return nil, err
+		}
+		if limit { // 达到上限, 不允许校验
+			return nil, errorx.New(errno.TooOftenLoginError, errorx.KV("period", strconv.Itoa(conf.GetConfig().SMS.Period/60)))
+		}
 		if u.Password == nil || *u.Password == "" {
 			return nil, errorx.New(errno.NoPassword)
 		}
 		if !crypt.Check(verify, *u.Password) {
+			if err = risk.AddOnce(ctx, key, conf.GetConfig().Token.Period); err != nil {
+				logs.Errorf("record send verify err:%s", err)
+			}
 			return nil, errorx.New(errno.ErrPassword)
 		}
 	}
diff --git a/biz/infra/impl/sms/safe_sms.go b/biz/infra/impl/sms/safe_sms.go
@@ -29,7 +29,7 @@ func NewSafeSMSProvider(provider sms.Provider, cacheCli cache.Cmdable) (*SafeSMS
 // Send 发送验证码
 func (s *SafeSMSProvider) Send(ctx context.Context, app, cause, phone string, param *sms.SMSParam) error {
 	// 判断是否到上限
-	key := fmt.Sprintf("risk:sendVerifyCode:%s:%s:%S" + app + cause + phone)
+	key := fmt.Sprintf("risk:sendVerifyCode:%s:%s:%s", app, cause, phone)
 	limit, _, err := risk.CheckUpperLimit(ctx, key, conf.GetConfig().SMS.MaxInPeriod)
 	if err != nil {
 		return err
diff --git a/biz/types/errno/passport.go b/biz/types/errno/passport.go
@@ -15,6 +15,7 @@ const (
 	ErrResetPassword    = 200_000_008
 	UnSupportThirdParty = 200_000_009
 	ErrThirdPartyLogin  = 200_000_0010
+	TooOftenLoginError  = 200_000_0011
 )
 
 func init() {
@@ -65,8 +66,14 @@ func init() {
 	)
 	code.Register(UnSupportThirdParty,
 		"unsupported third party",
-		code.WithAffectStability(false))
+		code.WithAffectStability(false),
+	)
 	code.Register(ErrThirdPartyLogin,
 		"third party login failed",
-		code.WithAffectStability(false))
+		code.WithAffectStability(false),
+	)
+	code.Register(TooOftenLoginError,
+		"登录失败次数过多, 请 {period} 分钟后再试",
+		code.WithAffectStability(false),
+	)
 }

Original file line number	Diff line number	Diff line change
`@@ -7,9 +7,11 @@ import (`
`7`	`7`	`)`
`8`	`8`
`9`	`9`	`type Token struct {`
`10`		`- PublicKey string`
`11`		`- SecretKey string`
`12`		`- Expire int64`
	`10`	`+ PublicKey string`
	`11`	`+ SecretKey string`
	`12`	`+ Expire int64`
	`13`	`+ Period int // 重试周期`
	`14`	`+ MaxInPeriod int // 重试周期内最多登录失败次数`
`13`	`15`	`}`
`14`	`16`
`15`	`17`	`func GetSecretKey(sk string) (*rsa.PrivateKey, error) {`