增加防御代码，防止恶意攻击(优化)

2021-08-22 19:11:17 +08:00
parent d21e6a4ffe
commit 182b9e2bc1
3 changed files with 3 additions and 2 deletions
--- a/jshERP-boot/src/main/java/com/jsh/erp/datasource/mappers/LogMapperEx.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/datasource/mappers/LogMapperEx.java
@@ -30,6 +30,7 @@ public interface LogMapperEx {
            @Param("content") String content);

    Long getCountByIpAndDate(
+            @Param("moduleName") String moduleName,
            @Param("clientIp") String clientIp,
            @Param("createTime") String createTime);
 }
--- a/jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java
@@ -150,7 +150,7 @@ public class LogService {
            if(userId!=null) {
                String clientIp = getLocalIp(request);
                String createTime = Tools.getNow3();
-                Long count = logMapperEx.getCountByIpAndDate(clientIp, createTime);
+                Long count = logMapperEx.getCountByIpAndDate(moduleName, clientIp, createTime);
                if(count > 0) {
                    //如果某1个IP在同1秒内连续操作两遍，此时需要删除该redis记录，使其退出，防止恶意攻击
                    redisService.deleteObjectByKeyAndIp("clientIp", clientIp, "userId");
--- a/jshERP-boot/src/main/resources/mapper_xml/LogMapperEx.xml
+++ b/jshERP-boot/src/main/resources/mapper_xml/LogMapperEx.xml
@@ -72,6 +72,6 @@
    </select>

    <select id="getCountByIpAndDate" resultType="java.lang.Long">
-        select count(1) from jsh_log where client_ip=#{clientIp} and create_time=#{createTime}
+        select count(1) from jsh_log where operation=#{moduleName} and client_ip=#{clientIp} and create_time=#{createTime}
    </select>
 </mapper>