feat(login): add login limit (#1023)

* feat(login): add login limit * chore: rename vars * chore: use `string` * fix: clear the signin error times after succeessfull login * chore: modify code position
2025-07-03 12:30:19 +08:00 · 2022-08-17 01:39:53 +08:00
parent 70f2988f09
commit aedef1eea1
3 changed files with 73 additions and 2 deletions
--- a/object/check_util.go
+++ b/object/check_util.go
@ -14,7 +14,11 @@

 package object

-import "regexp"
+import (
+	"fmt"
+	"regexp"
+	"time"
+)

 var reRealName *regexp.Regexp

@ -29,3 +33,32 @@ func init() {
 func isValidRealName(s string) bool {
 	return reRealName.MatchString(s)
 }
+
+func resetUserSigninErrorTimes(user *User) {
+	// if the password is correct and wrong times is not zero, reset the error times
+	if user.SigninWrongTimes == 0 {
+		return
+	}
+	user.SigninWrongTimes = 0
+	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
+}
+
+func recordSigninErrorInfo(user *User) string {
+	// increase failed login count
+	user.SigninWrongTimes++
+
+	if user.SigninWrongTimes >= SigninWrongTimesLimit {
+		// record the latest failed login time
+		user.LastSigninWrongTime = time.Now().UTC().Format(time.RFC3339)
+	}
+
+	// update user
+	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
+	leftChances := SigninWrongTimesLimit - user.SigninWrongTimes
+	if leftChances > 0 {
+		return fmt.Sprintf("password is incorrect, you have %d remaining chances", leftChances)
+	}
+
+	// don't show the chance error message if the user has no chance left
+	return fmt.Sprintf("You have entered the wrong password too many times, please wait for %d minutes and try again", int(LastSignWrongTimeDuration.Minutes()))
+}