From 0d211f26b8e0adbbf7b4971b539e7df51aaae08f Mon Sep 17 00:00:00 2001
From: Jing Li
Date: Mon, 4 Dec 2023 17:28:26 +0800
Subject: [PATCH] Update
---
 app/Http/Controllers/AuthController.php | 43 +++++++++++++++++++++----
 1 file changed, 37 insertions(+), 6 deletions(-)
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index 12b8cc0..0a5ff99 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -2,13 +2,19 @@
 namespace App\Http\Controllers;
-use App\Models\AdminUser;
 use App\Models\AdminPermission;
+use App\Models\AdminUser;
+use Illuminate\Contracts\Cache\Repository as Cache;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
 class AuthController extends Controller
 {
+ public function __construct(
+ protected Cache $cache,
+ ) {
+ }
+
 public function login(Request $request)
 {
 $request->validate([
@@ -16,14 +22,39 @@ class AuthController extends Controller
 'password' => 'required',
 ]);
- $user = AdminUser::where(['username' => $request->input('username')])->first();
- if (! $user) {
- return $this->error('用户名或密码错误');
- }
- if (! Hash::check($request->input('password'), $user->password)) {
+ $username = $request->input('username');
+
+ $user = AdminUser::where(['username' => $username])->first();
+
+ if ($user?->banned_at) {
+ return $this->error('账号已封禁,请联系管理员');
+ }
+
+ $cacheKey = "admin_user_ban:{$username}";
+
+ if (! Hash::check($request->input('password'), (string) $user?->password)) {
+ if ($user) {
+ $this->cache->add($cacheKey, 0, 86400);
+
+ $hits = $this->cache->increment($cacheKey, 1);
+
+ if ($hits >= 3) {
+ // 锁定账号
+ $user->update([
+ 'banned_reason' => '24小时内密码连续错误3次',
+ 'banned_at' => now(),
+ ]);
+
+ // 清空登录失败尝试次数
+ $this->cache->forget($cacheKey);
+ }
+ }
 return $this->error('用户名或密码错误');
 }
+ // 清空登录失败尝试次数
+ $this->cache->forget($cacheKey);
+
 if ($user->is_enable !== 1) {
 return $this->error('用户状态异常请联系管理员');
 }
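Review bot: The failure counter in the second hunk is keyed on the submitted string (`$cacheKey = "admin_user_ban:{$username}";`) rather than on the account that was matched, so if the `username` column uses a case-insensitive collation (not visible here) each differently-cased spelling of one name gets its own counter and the three-attempt limit is not enforced per account; keying on the resolved row, e.g. `$cacheKey = 'admin_user_ban:'.$user?->id;`, closes that. The new `banned_at` check also returns its own message before the password is verified, which tells an unauthenticated caller that the username exists and is banned; returning the generic '用户名或密码错误' there, or moving the check after `Hash::check` succeeds as the existing `is_enable` check does, keeps the responses uniform. Because the ban is written to the database with no expiry visible in this hunk, three wrong passwords from any source lock an administrator out until someone clears `banned_at`; a time-limited lock or a per-source throttle would bound that. login() starts and ends outside the hunk.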