From 311e1ddb9f88e4424da2096346e224c7751256b6 Mon Sep 17 00:00:00 2001 From: "Feng.YJ" Date: Mon, 4 Aug 2025 13:39:51 +0800 Subject: [PATCH 1/2] Optimize captcha related fields verification - Add `Captcha` field validation to `LoginVerify` rules, ensuring that the captcha isn't empty while prechecking the data. - Remove redundant checks for empty values for `Captcha` and `CaptchaId`, as they are already validated in the `LoginVerify` struct. - Move client IP key retrieval after input validation for better flow. --- server/api/v1/system/sys_user.go | 5 ++--- server/utils/verify.go | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/server/api/v1/system/sys_user.go b/server/api/v1/system/sys_user.go index aae263e3f..3d1c68e29 100644 --- a/server/api/v1/system/sys_user.go +++ b/server/api/v1/system/sys_user.go @@ -27,8 +27,6 @@ import ( func (b *BaseApi) Login(c *gin.Context) { var l systemReq.Login err := c.ShouldBindJSON(&l) - key := c.ClientIP() - if err != nil { response.FailWithMessage(err.Error(), c) return @@ -39,6 +37,7 @@ func (b *BaseApi) Login(c *gin.Context) { return } + key := c.ClientIP() // 判断验证码是否开启 openCaptcha := global.GVA_CONFIG.Captcha.OpenCaptcha // 是否开启防爆次数 openCaptchaTimeOut := global.GVA_CONFIG.Captcha.OpenCaptchaTimeOut // 缓存超时时间 @@ -49,7 +48,7 @@ func (b *BaseApi) Login(c *gin.Context) { var oc bool = openCaptcha == 0 || openCaptcha < interfaceToInt(v) - if !oc || (l.CaptchaId != "" && l.Captcha != "" && store.Verify(l.CaptchaId, l.Captcha, true)) { + if !oc || store.Verify(l.CaptchaId, l.Captcha, true) { u := &system.SysUser{Username: l.Username, Password: l.Password} user, err := userService.Login(u) if err != nil { diff --git a/server/utils/verify.go b/server/utils/verify.go index 43a86725f..e81c1f194 100644 --- a/server/utils/verify.go +++ b/server/utils/verify.go @@ -5,7 +5,7 @@ var ( ApiVerify = Rules{"Path": {NotEmpty()}, "Description": {NotEmpty()}, "ApiGroup": {NotEmpty()}, "Method": {NotEmpty()}} MenuVerify = Rules{"Path": {NotEmpty()}, "Name": {NotEmpty()}, "Component": {NotEmpty()}, "Sort": {Ge("0")}} MenuMetaVerify = Rules{"Title": {NotEmpty()}} - LoginVerify = Rules{"CaptchaId": {NotEmpty()}, "Username": {NotEmpty()}, "Password": {NotEmpty()}} + LoginVerify = Rules{"CaptchaId": {NotEmpty()}, "Captcha": {NotEmpty()}, "Username": {NotEmpty()}, "Password": {NotEmpty()}} RegisterVerify = Rules{"Username": {NotEmpty()}, "NickName": {NotEmpty()}, "Password": {NotEmpty()}, "AuthorityId": {NotEmpty()}} PageInfoVerify = Rules{"Page": {NotEmpty()}, "PageSize": {NotEmpty()}} CustomerVerify = Rules{"CustomerName": {NotEmpty()}, "CustomerPhoneData": {NotEmpty()}} From a033ab9abed0ff241cb468f850594d2da96139e4 Mon Sep 17 00:00:00 2001 From: "Feng.YJ" Date: Mon, 4 Aug 2025 13:43:03 +0800 Subject: [PATCH 2/2] refactor: simplify login captcha validation flow for cleaner code --- server/api/v1/system/sys_user.go | 44 ++++++++++++++++---------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/server/api/v1/system/sys_user.go b/server/api/v1/system/sys_user.go index 3d1c68e29..40f09341b 100644 --- a/server/api/v1/system/sys_user.go +++ b/server/api/v1/system/sys_user.go @@ -47,30 +47,30 @@ func (b *BaseApi) Login(c *gin.Context) { } var oc bool = openCaptcha == 0 || openCaptcha < interfaceToInt(v) - - if !oc || store.Verify(l.CaptchaId, l.Captcha, true) { - u := &system.SysUser{Username: l.Username, Password: l.Password} - user, err := userService.Login(u) - if err != nil { - global.GVA_LOG.Error("登陆失败! 用户名不存在或者密码错误!", zap.Error(err)) - // 验证码次数+1 - global.BlackCache.Increment(key, 1) - response.FailWithMessage("用户名不存在或者密码错误", c) - return - } - if user.Enable != 1 { - global.GVA_LOG.Error("登陆失败! 用户被禁止登录!") - // 验证码次数+1 - global.BlackCache.Increment(key, 1) - response.FailWithMessage("用户被禁止登录", c) - return - } - b.TokenNext(c, *user) + if oc && !store.Verify(l.CaptchaId, l.Captcha, true) { + // 验证码次数+1 + global.BlackCache.Increment(key, 1) + response.FailWithMessage("验证码错误", c) return } - // 验证码次数+1 - global.BlackCache.Increment(key, 1) - response.FailWithMessage("验证码错误", c) + + u := &system.SysUser{Username: l.Username, Password: l.Password} + user, err := userService.Login(u) + if err != nil { + global.GVA_LOG.Error("登陆失败! 用户名不存在或者密码错误!", zap.Error(err)) + // 验证码次数+1 + global.BlackCache.Increment(key, 1) + response.FailWithMessage("用户名不存在或者密码错误", c) + return + } + if user.Enable != 1 { + global.GVA_LOG.Error("登陆失败! 用户被禁止登录!") + // 验证码次数+1 + global.BlackCache.Increment(key, 1) + response.FailWithMessage("用户被禁止登录", c) + return + } + b.TokenNext(c, *user) } // TokenNext 登录以后签发jwt