kgod/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 8 Wiki Activity

feat: add registration abuse prevention

Browse Source 
- Silently block verification code for IPs with 2+ registered accounts
- Silently block Gmail alias emails (containing + or . in local part)
- Add CountByRegistrationIP to UserRepository interface
- Pass client IP to SendVerifyCodeAsync for abuse detection

Both checks return fake success to prevent enumeration attacks.
This commit is contained in:
kone
2026-06-06 04:07:07 +08:00
parent ba5a09862f
commit 88ccd0ecbb
5 changed files with 75 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/internal/service/user_service.go
+3
View File
@@ -111,6 +111,9 @@ type UserRepository interface {
UpdateTotpSecret(ctx context.Context, userID int64, encryptedSecret *string) error
EnableTotp(ctx context.Context, userID int64) error
DisableTotp(ctx context.Context, userID int64) error
// CountByRegistrationIP 统计指定 IP 注册的用户数量
CountByRegistrationIP(ctx context.Context, ip string) (int, error)
}
type UserAuthIdentityRecord struct {