From 5cee68fc9c213121807dae990b77d0fb5b145611 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 25 Mar 2026 09:55:27 +0000 Subject: [PATCH] Add rate limiting to auth/verify endpoint (CodeQL fix) Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com> Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/3f62bf2e-92bd-44b5-b05e-b7bfe6772a4d --- backend/api-server/routes/auth.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/backend/api-server/routes/auth.js b/backend/api-server/routes/auth.js index f813357b..59d1c32a 100644 --- a/backend/api-server/routes/auth.js +++ b/backend/api-server/routes/auth.js @@ -177,6 +177,11 @@ router.post('/auth/team-login', function(req, res) { * 验证当前会话是否有效 */ router.get('/auth/verify', function(req, res) { + var clientIp = req.ip || req.connection.remoteAddress || 'unknown'; + if (!checkRateLimit(clientIp)) { + return res.status(429).json({ valid: false, message: '请求过于频繁' }); + } + var authHeader = req.headers['authorization'] || ''; var token = authHeader.replace(/^Bearer\s+/i, ''); var result = verifySessionToken(token);