EdgeNode/internal/waf/captcha_counter.go

// Copyright 2022 GoEdge goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cloud .

package waf

import (
	"time"

	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
	"github.com/TeaOSLab/EdgeNode/internal/utils/counters"
	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
	"github.com/iwind/TeaGo/types"
)

type CaptchaPageCode = string

const (
	CaptchaPageCodeInit   CaptchaPageCode = "init"
	CaptchaPageCodeShow   CaptchaPageCode = "show"
	CaptchaPageCodeImage  CaptchaPageCode = "image"
	CaptchaPageCodeSubmit CaptchaPageCode = "submit"
)

// CaptchaIncreaseFails 增加Captcha失败次数，以便后续操作
func CaptchaIncreaseFails(req requests.Request, actionConfig *CaptchaAction, policyId int64, groupId int64, setId int64, pageCode CaptchaPageCode, useLocalFirewall bool) (goNext bool) {
	var maxFails = actionConfig.MaxFails
	var failBlockTimeout = actionConfig.FailBlockTimeout
	if maxFails > 0 && failBlockTimeout > 0 {
		if maxFails <= 3 {
			maxFails = 3 // 不能小于3，防止意外刷新出现
		}
		var countFails = counters.SharedCounter.IncreaseKey(CaptchaCacheKey(req, pageCode), 300)
		if int(countFails) >= maxFails {
			SharedIPBlackList.RecordIP(IPTypeAll, firewallconfigs.FirewallScopeServer, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(failBlockTimeout), policyId, useLocalFirewall, groupId, setId, "CAPTCHA验证连续失败超过"+types.String(maxFails)+"次")
			return false
		}
	}
	return true
}

// CaptchaDeleteCacheKey 清除计数
func CaptchaDeleteCacheKey(req requests.Request) {
	counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeInit))
	counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeShow))
	counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeImage))
	counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeSubmit))
}

// CaptchaCacheKey 获取Captcha缓存Key
func CaptchaCacheKey(req requests.Request, pageCode CaptchaPageCode) string {
	return "WAF:CAPTCHA:FAILS:" + pageCode + ":" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId())
}
-												v1.4.1

											
										
										
											2024-07-27 15:42:50 +08:00
+								// Copyright 2022 GoEdge goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cloud .
-												优化验证码失败次数统计

											
										
										
											2022-05-21 20:02:35 +08:00
 								package waf
 								import (
-												v1.4.1

											
										
										
											2024-07-27 15:42:50 +08:00
+									"time"
-												优化验证码失败次数统计

											
										
										
											2022-05-21 20:02:35 +08:00
+									"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
-												合并多个计数器，便于统一的内存控制

											
										
										
											2023-10-05 09:45:46 +08:00
+									"github.com/TeaOSLab/EdgeNode/internal/utils/counters"
-												优化验证码失败次数统计

											
										
										
											2022-05-21 20:02:35 +08:00
+									"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
 									"github.com/iwind/TeaGo/types"
 								)
 								type CaptchaPageCode = string
 								const (
 									CaptchaPageCodeInit   CaptchaPageCode = "init"
 									CaptchaPageCodeShow   CaptchaPageCode = "show"
-												优化验证码加载方式，减少不必要的图片生成

											
										
										
											2023-11-28 18:07:27 +08:00
+									CaptchaPageCodeImage  CaptchaPageCode = "image"
-												优化验证码失败次数统计

											
										
										
											2022-05-21 20:02:35 +08:00
+									CaptchaPageCodeSubmit CaptchaPageCode = "submit"
 								)
 								// CaptchaIncreaseFails 增加Captcha失败次数，以便后续操作
-												优化WAF

* 信息加密使用struct代替map，以缩短加密后内容长度
* 拦截动作、人机识别动作增加是否尝试全局封禁选项
* JSCookie识别动作增加默认设置选项
* 人机识别中传入info参数异常时，尝试跳转到来源地址，避免直接提示invalid request

											
										
										
											2024-04-07 14:31:22 +08:00
+								func CaptchaIncreaseFails(req requests.Request, actionConfig *CaptchaAction, policyId int64, groupId int64, setId int64, pageCode CaptchaPageCode, useLocalFirewall bool) (goNext bool) {
-												优化验证码失败次数统计

											
										
										
											2022-05-21 20:02:35 +08:00
+									var maxFails = actionConfig.MaxFails
 									var failBlockTimeout = actionConfig.FailBlockTimeout
 									if maxFails > 0 && failBlockTimeout > 0 {
 										if maxFails <= 3 {
 											maxFails = 3 // 不能小于3，防止意外刷新出现
 										}
-												合并多个计数器，便于统一的内存控制

											
										
										
											2023-10-05 09:45:46 +08:00
+										var countFails = counters.SharedCounter.IncreaseKey(CaptchaCacheKey(req, pageCode), 300)
-												优化验证码失败次数统计

											
										
										
											2022-05-21 20:02:35 +08:00
+										if int(countFails) >= maxFails {
-												优化WAF

* 信息加密使用struct代替map，以缩短加密后内容长度
* 拦截动作、人机识别动作增加是否尝试全局封禁选项
* JSCookie识别动作增加默认设置选项
* 人机识别中传入info参数异常时，尝试跳转到来源地址，避免直接提示invalid request

											
										
										
											2024-04-07 14:31:22 +08:00
+											SharedIPBlackList.RecordIP(IPTypeAll, firewallconfigs.FirewallScopeServer, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(failBlockTimeout), policyId, useLocalFirewall, groupId, setId, "CAPTCHA验证连续失败超过"+types.String(maxFails)+"次")
-												优化验证码失败次数统计

											
										
										
											2022-05-21 20:02:35 +08:00
+											return false
 										}
 									}
 									return true
 								}
 								// CaptchaDeleteCacheKey 清除计数
 								func CaptchaDeleteCacheKey(req requests.Request) {
-												合并多个计数器，便于统一的内存控制

											
										
										
											2023-10-05 09:45:46 +08:00
+									counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeInit))
 									counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeShow))
-												优化验证码加载方式，减少不必要的图片生成

											
										
										
											2023-11-28 18:07:27 +08:00
+									counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeImage))
-												合并多个计数器，便于统一的内存控制

											
										
										
											2023-10-05 09:45:46 +08:00
+									counters.SharedCounter.ResetKey(CaptchaCacheKey(req, CaptchaPageCodeSubmit))
-												优化验证码失败次数统计

											
										
										
											2022-05-21 20:02:35 +08:00
+								}
 								// CaptchaCacheKey 获取Captcha缓存Key
 								func CaptchaCacheKey(req requests.Request, pageCode CaptchaPageCode) string {
-												验证码验证不区分访问路径

											
										
										
											2023-11-19 15:34:22 +08:00
+									return "WAF:CAPTCHA:FAILS:" + pageCode + ":" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId())
-												优化验证码失败次数统计

											
										
										
											2022-05-21 20:02:35 +08:00
+								}