添加登陆接口限流

2025-06-17 09:37:24 +08:00
parent 90a67b681e
commit e418476b20
4 changed files with 29 additions and 2 deletions
--- a/tone-page-server/package.json
+++ b/tone-page-server/package.json
@@ -29,6 +29,7 @@
    "@nestjs/mapped-types": "*",
    "@nestjs/passport": "^11.0.5",
    "@nestjs/platform-express": "^10.0.0",
+    "@nestjs/throttler": "^6.4.0",
    "@nestjs/typeorm": "^11.0.0",
    "@types/ali-oss": "^6.16.11",
    "ali-oss": "^6.23.0",
--- a/tone-page-server/pnpm-lock.yaml
+++ b/tone-page-server/pnpm-lock.yaml
@@ -35,6 +35,9 @@ importers:
      '@nestjs/platform-express':
        specifier: ^10.0.0
        version: 10.4.17(@nestjs/common@10.4.17(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@10.4.17)
+      '@nestjs/throttler':
+        specifier: ^6.4.0
+        version: 6.4.0(@nestjs/common@10.4.17(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@10.4.17)(reflect-metadata@0.2.2)
      '@nestjs/typeorm':
        specifier: ^11.0.0
        version: 11.0.0(@nestjs/common@10.4.17(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@10.4.17)(reflect-metadata@0.2.2)(rxjs@7.8.2)(typeorm@0.3.22(pg@8.15.6)(reflect-metadata@0.2.2)(ts-node@10.9.2(@types/node@20.17.31)(typescript@5.8.3)))
@@ -630,6 +633,13 @@ packages:
      '@nestjs/platform-express':
        optional: true

+  '@nestjs/throttler@6.4.0':
+    resolution: {integrity: sha512-osL67i0PUuwU5nqSuJjtUJZMkxAnYB4VldgYUMGzvYRJDCqGRFMWbsbzm/CkUtPLRL30I8T74Xgt/OQxnYokiA==}
+    peerDependencies:
+      '@nestjs/common': ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0
+      '@nestjs/core': ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0
+      reflect-metadata: ^0.1.13 || ^0.2.0
+
  '@nestjs/typeorm@11.0.0':
    resolution: {integrity: sha512-SOeUQl70Lb2OfhGkvnh4KXWlsd+zA08RuuQgT7kKbzivngxzSo1Oc7Usu5VxCxACQC9wc2l9esOHILSJeK7rJA==}
    peerDependencies:
@@ -4136,6 +4146,12 @@ snapshots:
    optionalDependencies:
      '@nestjs/platform-express': 10.4.17(@nestjs/common@10.4.17(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@10.4.17)

+  '@nestjs/throttler@6.4.0(@nestjs/common@10.4.17(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@10.4.17)(reflect-metadata@0.2.2)':
+    dependencies:
+      '@nestjs/common': 10.4.17(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      '@nestjs/core': 10.4.17(@nestjs/common@10.4.17(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/platform-express@10.4.17)(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      reflect-metadata: 0.2.2
+
  '@nestjs/typeorm@11.0.0(@nestjs/common@10.4.17(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2))(@nestjs/core@10.4.17)(reflect-metadata@0.2.2)(rxjs@7.8.2)(typeorm@0.3.22(pg@8.15.6)(reflect-metadata@0.2.2)(ts-node@10.9.2(@types/node@20.17.31)(typescript@5.8.3)))':
    dependencies:
      '@nestjs/common': 10.4.17(class-transformer@0.5.1)(class-validator@0.14.2)(reflect-metadata@0.2.2)(rxjs@7.8.2)
--- a/tone-page-server/src/app.module.ts
+++ b/tone-page-server/src/app.module.ts
@@ -13,6 +13,7 @@ import { BlogModule } from './blog/blog.module';
 import { RoleModule } from './role/role.module';
 import { AdminModule } from './admin/admin.module';
 import { OssModule } from './oss/oss.module';
+import { ThrottlerModule } from '@nestjs/throttler';

@Module({
  imports: [
@@ -29,6 +30,12 @@ import { OssModule } from './oss/oss.module';
      synchronize: process.env.NODE_ENV !== 'production', // Set to false in production
    }),
    PassportModule.register({ defaultStrategy: 'jwt' }),
+    ThrottlerModule.forRoot({
+      throttlers: [{
+        limit: 1000,
+        ttl: 60000, // 1 minute
+      }],
+    }),
    UserModule,
    AuthModule,
    VerificationModule,
@@ -42,4 +49,4 @@ import { OssModule } from './oss/oss.module';
  controllers: [AppController],
  providers: [AppService],
 })
-export class AppModule {}
+export class AppModule { }
--- a/tone-page-server/src/auth/auth.controller.ts
+++ b/tone-page-server/src/auth/auth.controller.ts
@@ -10,15 +10,18 @@ import { LoginDto } from './dto/login.dto';
 import { AuthService } from './auth.service';
 import { AuthGuard } from '@nestjs/passport';
 import { UserSessionService } from 'src/user/services/user-session.service';
+import { Throttle, ThrottlerGuard } from '@nestjs/throttler';

@Controller('auth')
 export class AuthController {
  constructor(
    private readonly authService: AuthService,
    private readonly userSessionService: UserSessionService,
-  ) {}
+  ) { }

  @Post('login')
+  @UseGuards(ThrottlerGuard)
+  @Throttle({ default: { limit: 100, ttl: 60000 } })
  async login(@Body() loginDto: LoginDto) {
    switch (loginDto.type) {
      case 'password':