登录页尝试使用csrf校验

2025-12-25 03:26:34 +08:00 · 2020-10-25 11:22:11 +08:00
parent 5345888280
commit 08af418665
11 changed files with 236 additions and 1 deletions
--- a/internal/web/actions/default/csrf/token.go
+++ b/internal/web/actions/default/csrf/token.go
@@ -0,0 +1,39 @@
+package csrf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/csrf"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"sync"
+	"time"
+)
+
+var lastTimestamp = int64(0)
+var locker sync.Mutex
+
+type TokenAction struct {
+	actionutils.ParentAction
+}
+
+func (this *TokenAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *TokenAction) RunGet(params struct {
+	Auth *helpers.UserShouldAuth
+}) {
+	locker.Lock()
+	defer locker.Unlock()
+
+	defer func() {
+		lastTimestamp = time.Now().Unix()
+	}()
+
+	// 没有登录，则限制请求速度
+	if params.Auth.AdminId() <= 0 && lastTimestamp > 0 && time.Now().Unix()-lastTimestamp <= 1 {
+		this.Fail("请求速度过快，请稍后刷新后重试")
+	}
+
+	this.Data["token"] = csrf.Generate()
+	this.Success()
+}