feat: 添加部分API限流规则

2025-12-19 20:32:18 +08:00
parent 3ce02f8b28
commit 05c8fd067b
3 changed files with 34 additions and 6 deletions


@@ -34,9 +34,19 @@ import { CommonModule } from './common/common.module';
ignoreUserAgents: [/googlebot/i, /bingbot/i], ignoreUserAgents: [/googlebot/i, /bingbot/i],
throttlers: [ throttlers: [
{ {
name: '1_min', name: 'min',
limit: 100, limit: 100,
ttl: 60000, // 1 minute ttl: 60 * 1000,
},
{
name: 'hour',
limit: 500,
ttl: 60 * 60 * 1000,
},
{
name: 'day',
limit: 10000,
ttl: 24 * 60 * 60 * 1000,
}, },
], ],
}), }),
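Review bot: The `ignoreUserAgents: [/googlebot/i, /bingbot/i]` context line exempts any request whose User-Agent header matches, and that header is set by the client, so a caller that sends a matching value can skip the `min`, `hour` and `day` throttlers defined here. This commit makes these named throttlers the base for the login and SMS limits, so the exemption should be removed or confined to routes that crawlers actually read, for example by deleting the `ignoreUserAgents` line and marking public content routes with `@SkipThrottle()`. Whether the per-route `@Throttle` overrides also honour the exemption is not visible here and is worth pinning with a request test against `login/password`.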


@@ -45,9 +45,11 @@ export class AuthController {
@Post('login/password') @Post('login/password')
@UseGuards(ThrottlerGuard) @UseGuards(ThrottlerGuard)
@Throttle({ 'min': { limit: 10, ttl: 60 * 1000 } }) @Throttle({
@Throttle({ 'hour': { limit: 20, ttl: 60 * 60 * 1000 } }) 'min': { limit: 5, ttl: 60 * 1000 },
@Throttle({ 'day': { limit: 50, ttl: 24 * 60 * 60 * 1000 } }) 'hour': { limit: 20, ttl: 60 * 60 * 1000 },
'day': { limit: 50, ttl: 24 * 60 * 60 * 1000 }
})
async loginByPassword( async loginByPassword(
@Body() loginDto: LoginByPasswordDto, @Body() loginDto: LoginByPasswordDto,
@Res({ passthrough: true }) res: Response, @Res({ passthrough: true }) res: Response,
@@ -61,6 +63,10 @@ export class AuthController {
} }
@Post('login/sms') @Post('login/sms')
@UseGuards(ThrottlerGuard)
@Throttle({
'day': { limit: 50, ttl: 24 * 60 * 60 * 1000 }
})
async loginBySms( async loginBySms(
@Body() dto: SmsLoginDto, @Body() dto: SmsLoginDto,
@Res({ passthrough: true }) res: Response, @Res({ passthrough: true }) res: Response,
@@ -77,6 +83,10 @@ export class AuthController {
@Post('passkey/login/options') @Post('passkey/login/options')
@UseGuards(ThrottlerGuard)
@Throttle({
'day': { limit: 20, ttl: 24 * 60 * 60 * 1000 }
})
async loginByPasskeyOptions( async loginByPasskeyOptions(
@Res({ passthrough: true }) res: Response, @Res({ passthrough: true }) res: Response,
) { ) {
@@ -94,6 +104,10 @@ export class AuthController {
} }
@Post('passkey/login') @Post('passkey/login')
@UseGuards(ThrottlerGuard)
@Throttle({
'day': { limit: 20, ttl: 24 * 60 * 60 * 1000 }
})
async loginByPasskey( async loginByPasskey(
@Req() req: Request, @Req() req: Request,
@Body() body: PasskeyLoginDto, @Body() body: PasskeyLoginDto,
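Review bot: On `login/sms` and the two passkey routes only the `day` throttler is overridden, so the per-minute and per-hour limits stay at the module defaults (100 and 500) and the whole daily budget can be spent in a single burst, whereas `login/password` sets all three. Adding `'min': { limit: 5, ttl: 60 * 1000 },` to the `login/sms` decorator would bring it in line with the password route. With the stock `ThrottlerGuard` the counter is presumably keyed by client IP, so none of these limits cap guesses against one phone number or account coming from several addresses. A per-phone failed-attempt counter that invalidates the SMS code after a few wrong tries, in the login service (not visible here), would cover that. The handler bodies lie outside the hunks.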


@@ -10,7 +10,11 @@ export class SmsController {
@Post('send/login') @Post('send/login')
@UseGuards(ThrottlerGuard) @UseGuards(ThrottlerGuard)
@Throttle({ sms_login: { limit: 10, ttl: 60000 } }) @Throttle({
'min': { limit: 3, ttl: 60 * 1000 },
'hour': { limit: 10, ttl: 60 * 60 * 1000 },
'day': { limit: 20, ttl: 24 * 60 * 60 * 1000 }
})
async sendLoginSms(@Body() dto: SendLoginSmsDto) { async sendLoginSms(@Body() dto: SendLoginSmsDto) {
await this.smsService.sendSms(dto.phone, 'login'); await this.smsService.sendSms(dto.phone, 'login');
return null; return null;
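Review bot: `sendLoginSms` passes `dto.phone` straight to `smsService.sendSms`, and the new 3 / 10 / 20 limits are counted per client by the guard, not per destination number. Unless `sendSms` enforces its own cooldown (not visible here), a single phone number can still be sent messages by many different clients, which costs money and burdens the recipient. A resend interval and daily cap inside `SmsService`, keyed by the normalised phone number, would close that gap. A comment above the decorator such as `// client-based throttle only; the per-phone quota lives in SmsService.sendSms` would record where the second limit is enforced.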