增加防御代码，防止恶意攻击

2021-08-21 23:57:59 +08:00
parent 7ac14d49fd
commit 56dbc071ee
5 changed files with 47 additions and 21 deletions
--- a/jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java
@@ -148,15 +148,23 @@ public class LogService {
        try{
            Long userId = userService.getUserId(request);
            if(userId!=null) {
-                Log log = new Log();
-                log.setUserId(userId);
-                log.setOperation(moduleName);
-                log.setClientIp(getLocalIp(request));
-                log.setCreateTime(new Date());
-                Byte status = 0;
-                log.setStatus(status);
-                log.setContent(content);
-                logMapper.insertSelective(log);
+                String clientIp = getLocalIp(request);
+                String createTime = Tools.getNow3();
+                Long count = logMapperEx.getCountByIpAndDate(clientIp, createTime);
+                if(count > 0) {
+                    //如果某1个IP在同1秒内连续操作两遍，此时需要删除该redis记录，使其退出，防止恶意攻击
+                    redisService.deleteObjectByKeyAndIp("clientIp", clientIp, "userId");
+                } else {
+                    Log log = new Log();
+                    log.setUserId(userId);
+                    log.setOperation(moduleName);
+                    log.setClientIp(getLocalIp(request));
+                    log.setCreateTime(new Date());
+                    Byte status = 0;
+                    log.setStatus(status);
+                    log.setContent(content);
+                    logMapper.insertSelective(log);
+                }
            }
        }catch(Exception e){
            JshException.writeFail(logger, e);