Add rate limiting to auth/verify endpoint (CodeQL fix)
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com> Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/3f62bf2e-92bd-44b5-b05e-b7bfe6772a4d
This commit is contained in:
parent
cf362126cf
commit
5cee68fc9c
|
|
@ -177,6 +177,11 @@ router.post('/auth/team-login', function(req, res) {
|
|||
* 验证当前会话是否有效
|
||||
*/
|
||||
router.get('/auth/verify', function(req, res) {
|
||||
var clientIp = req.ip || req.connection.remoteAddress || 'unknown';
|
||||
if (!checkRateLimit(clientIp)) {
|
||||
return res.status(429).json({ valid: false, message: '请求过于频繁' });
|
||||
}
|
||||
|
||||
var authHeader = req.headers['authorization'] || '';
|
||||
var token = authHeader.replace(/^Bearer\s+/i, '');
|
||||
var result = verifySessionToken(token);
|
||||
|
|
|
|||
Loading…
Reference in New Issue