From 82ba843d7dd939954ce35074ee3d2617826b5300 Mon Sep 17 00:00:00 2001 From: yystopf Date: Wed, 19 Apr 2023 10:15:07 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9A=E5=8F=91=E9=80=81?= =?UTF-8?q?=E9=82=AE=E4=BB=B6=E5=8F=8A=E7=9F=AD=E4=BF=A1=E6=AC=A1=E6=95=B0?= =?UTF-8?q?=E6=8E=A7=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/accounts_controller.rb | 2 + app/controllers/api/v1/users_controller.rb | 15 +++-- app/controllers/application_controller.rb | 14 ++-- app/services/info_risk_control_service.rb | 77 ++++++++++++++++++++++ 4 files changed, 95 insertions(+), 13 deletions(-) create mode 100644 app/services/info_risk_control_service.rb diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index 2046dfa20..0b713bdb3 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -324,6 +324,8 @@ class AccountsController < ApplicationController send_type = verify_type(login_type, type) verification_code = code.sample(6).join + status, message = InfoRiskControlService.call(value, request.remote_ip) + tip_exception(420, message) if status == 0 sign = Digest::MD5.hexdigest("#{OPENKEY}#{value}") tip_exception(501, "请求不合理") if sign != params[:smscode] diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb index 3a750b519..f5ea37a90 100644 --- a/app/controllers/api/v1/users_controller.rb +++ b/app/controllers/api/v1/users_controller.rb 
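Review bot: In accounts_controller.rb the added `InfoRiskControlService.call(value, request.remote_ip)` runs before the `sign != params[:smscode]` check, so a request that is about to be rejected as unsigned still charges the per-receiver counters for `value`. Requests that fail validation can therefore use up the minute and day allowance of a phone number or address the caller does not own, and its owner is then refused codes. Moving the two added lines below the `tip_exception(501, ...)` line charges the receiver only for requests that pass validation. If the per-IP limit should still cover unsigned requests, that part can be called first with an empty receiver. The enclosing action starts and ends outside the hunk.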
@@ -9,21 +9,24 @@ class Api::V1::UsersController < Api::V1::BaseController mail = params[:email] code_type = params[:code_type] + status, message = InfoRiskControlService.call(0, request.remote_ip) + tip_exception(420, message) if status == 0 + sign = Digest::MD5.hexdigest("#{OPENKEY}#{mail}") Rails.logger.info sign tip_exception(501, "请求不合理") if sign != params[:smscode] # 60s内不能重复发送 - send_email_limit_cache_key = "send_email_60_second_limit:#{mail}" - tip_exception(-2, '请勿频繁操作') if Rails.cache.exist?(send_email_limit_cache_key) - send_email_control = LimitForbidControl::SendEmailCode.new(mail) - tip_exception(-2, '邮件发送太频繁,请稍后再试') if send_email_control.forbid? + # send_email_limit_cache_key = "send_email_60_second_limit:#{mail}" + # tip_exception(-2, '请勿频繁操作') if Rails.cache.exist?(send_email_limit_cache_key) + # send_email_control = LimitForbidControl::SendEmailCode.new(mail) + # tip_exception(-2, '邮件发送太频繁,请稍后再试') if send_email_control.forbid? begin UserMailer.update_email(mail, verification_code).deliver_now - Rails.cache.write(send_email_limit_cache_key, 1, expires_in: 1.minute) - send_email_control.increment! + # Rails.cache.write(send_email_limit_cache_key, 1, expires_in: 1.minute) + # send_email_control.increment! rescue Exception => e logger_error(e) tip_exception(-2,"邮件发送失败,请稍后重试") diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 517e1b2df..61541d09b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
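Review bot: In api/v1/users_controller.rb the receiver passed to the service is the literal `0` rather than `mail`, and the service added in this commit only skips its per-receiver checks when the receiver is `""`. Every call from this action therefore shares the keys `InfoRiskControlService-Minute-0` and `InfoRiskControlService-Day-0`, so the allowance is global across all users instead of per address, while the previous per-address throttle is commented out in the same hunk. I would pass the address, `status, message = InfoRiskControlService.call(mail, request.remote_ip)`, and place the call after the `sign` check so rejected requests do not consume it. The unchanged `Rails.logger.info sign` line also writes the expected signature value to the log and is worth dropping in the same change.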
@@ -112,12 +112,12 @@ class ApplicationController < ActionController::Base # 邮箱类型的发送 sigle_para = {email: value} # 60s内不能重复发送 - send_email_limit_cache_key = "send_email_60_second_limit:#{value}" - tip_exception(-1, '请勿频繁操作') if Rails.cache.exist?(send_email_limit_cache_key) + # send_email_limit_cache_key = "send_email_60_second_limit:#{value}" + # tip_exception(-1, '请勿频繁操作') if Rails.cache.exist?(send_email_limit_cache_key) - # 短时间内不能大量发送 - send_email_control = LimitForbidControl::SendEmailCode.new(value) - tip_exception(-1, '邮件发送太频繁,请稍后再试') if send_email_control.forbid? + # # 短时间内不能大量发送 + # send_email_control = LimitForbidControl::SendEmailCode.new(value) + # tip_exception(-1, '邮件发送太频繁,请稍后再试') if send_email_control.forbid? begin if send_type == 3 UserMailer.find_password(value, code).deliver_now @@ -126,8 +126,8 @@ class ApplicationController < ActionController::Base else UserMailer.register_email(value, code).deliver_now end - Rails.cache.write(send_email_limit_cache_key, 1, expires_in: 1.minute) - send_email_control.increment! + # Rails.cache.write(send_email_limit_cache_key, 1, expires_in: 1.minute) + # send_email_control.increment! # Mailer.run.email_register(code, value) rescue Exception => e logger_error(e) diff --git a/app/services/info_risk_control_service.rb b/app/services/info_risk_control_service.rb new file mode 100644 index 000000000..f07b30c48 --- /dev/null +++ b/app/services/info_risk_control_service.rb 
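Review bot: Both hunks in application_controller.rb disable the 60-second key and the `LimitForbidControl::SendEmailCode` check inside the shared mail-sending helper, and nothing in this file calls `InfoRiskControlService`, so the helper itself no longer throttles. The replacement is added only at two call sites in this commit; any other caller of this helper outside the diff, if one exists, would now send mail without a limit. I would either invoke the service from the helper or confirm that every caller goes through it. The old lines are better deleted than left commented out, since the history already records them. The method begins and ends outside the hunks.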
@@ -0,0 +1,77 @@
+class InfoRiskControlService < ApplicationService
+
+ attr_reader :receiver, :remote_ip
+ attr_accessor :status, :message
+
+
+ def initialize(receiver="", remote_ip="0.0.0.0")
+ @receiver = receiver
+ @remote_ip = remote_ip
+ @status = 1
+ @message = ""
+ end
+
+ def call
+ if receiver == ""
+ remote_ip_minute_risk_control
+ remote_ip_risk_control if @status = 1
+ else
+ remote_ip_minute_risk_control
+ remote_ip_risk_control if @status = 1
+ minute_risk_control
+ day_risk_control if @status = 1
+ end
+
+ return @status, @message
+ end
+
+ private
+ def remote_ip_minute_risk_control
+ result = Rails.cache.read("InfoRiskControlService-RemoteIp-Minute-#{remote_ip}")
+ if result.present?
+ @status = 0
+ @message = "您的请求过于频繁,请稍后再试"
+ else
+ Rails.cache.write("InfoRiskControlService-RemoteIp-Minute-#{remote_ip}", 1, expires_in: 1.minute)
+ end
+ end
+
+ def remote_ip_risk_control
+ result = Rails.cache.read("InfoRiskControlService-RemoteIp-#{remote_ip}")
+ if result.present?
+ if result.to_i > 20
+ @status = 0
+ @message = "暂时无法请求,请稍后再试"
+ else
+ Rails.cache.write("InfoRiskControlService-RemoteIp-#{remote_ip}", result.to_i + 1)
+ end
+ else
+ Rails.cache.write("InfoRiskControlService-RemoteIp-#{remote_ip}", 1, expires_in: 1.day)
+ end
+ end
+
+ def minute_risk_control
+ result = Rails.cache.read("InfoRiskControlService-Minute-#{receiver}")
+ if result.present?
+ @status = 0
+ @message = "您的请求过于频繁,请稍后再试"
+ else
+ Rails.cache.write("InfoRiskControlService-Minute-#{receiver}", 1, expires_in: 1.minute)
+ end
+ end
+
+ def day_risk_control
+ result = Rails.cache.read("InfoRiskControlService-Day-#{receiver}")
+ if result.present?
+ if result.to_i > 10
+ @status = 0
+ @message = "您的请求过于频繁,请稍后再试"
+ else
+ Rails.cache.write("InfoRiskControlService-Day-#{receiver}", result.to_i + 1)
+ end
+ else
+ Rails.cache.write("InfoRiskControlService-Day-#{receiver}", 1, expires_in: 1.days)
+ end
+ end
+
+end
\ No newline at end of file
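Review bot: In `call`, `remote_ip_risk_control if @status = 1` and `day_risk_control if @status = 1` assign instead of compare, so the condition is always true and a block set by the preceding check is reset to 1. As written, neither one-minute limit ever rejects a request, and in the receiver branch the per-IP day result is overwritten as well; each guard should read `if @status == 1`. The counter updates `Rails.cache.write(key, result.to_i + 1)` in `remote_ip_risk_control` and `day_risk_control` pass no `expires_in`, so depending on the cache store's default the rewritten entry may never expire, and an IP or receiver that reaches the threshold would stay blocked. The read-then-write is also not atomic under concurrent requests, so bursts can undercount. An atomic `Rails.cache.increment` on a key created with the one-day expiry would address both, provided the configured store supports it.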