bug233 短信注册受到攻击问题处理

762b4e35 · honghy · wux · d10b78ea · 762b4e35
Commit 762b4e35 authored Feb 05, 2025 by honghy Committed by wux Feb 06, 2025
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 4 deletions

AppAuthController.java .../module/member/controller/app/auth/AppAuthController.java +3 -4

No files found.
--- a/yudao-module-member/yudao-module-member-impl/src/main/java/cn/iocoder/yudao/module/member/controller/app/auth/AppAuthController.java
+++ b/yudao-module-member/yudao-module-member-impl/src/main/java/cn/iocoder/yudao/module/member/controller/app/auth/AppAuthController.java
@@ -25,7 +25,6 @@ import org.springframework.web.bind.annotation.*;

 import javax.annotation.Resource;
 import javax.validation.Valid;
-import java.security.NoSuchAlgorithmException;
 import java.util.List;
 import java.util.concurrent.TimeUnit;

@@ -109,8 +108,8 @@ public class AppAuthController {
    @ApiOperation(value = "发送手机验证码")
    @OperateLog(enable = false) // 避免 Post 请求被记录操作日志
    @Idempotent(timeout = 5)
-    public CommonResult<Boolean> sendSmsCode(@RequestBody @Valid AppAuthSendSmsReqVO reqVO) throws NoSuchAlgorithmException {
-
+    public CommonResult<Boolean> sendSmsCode(@RequestBody @Valid AppAuthSendSmsReqVO reqVO) {
+        // 短信限流
        processSmsRequest(reqVO);
        authService.sendSmsCode(getLoginUserId(), reqVO);
        return success(true);
@@ -182,7 +181,7 @@ public class AppAuthController {
                int attemptsInt = Integer.parseInt(attempts) + 1;
                if (attemptsInt > maxAttempts) {
                    // 如果超过阈值，返回错误信息
-                    throw new ServiceException(500, "The IP address cannot send short messages");
+                    throw new ServiceException(500, "Unlawful request");
                } else {
                    redisHelper.set(redisKey, String.valueOf(attemptsInt), timeWindowSeconds, TimeUnit.DAYS);
                }