studygolang
diff --git a/‎src/http/controller/account.go
Lines changed: 5 additions & 3 deletions b/‎src/http/controller/account.go
Lines changed: 5 additions & 3 deletions
diff --git a/‎src/http/controller/article.go
Lines changed: 10 additions & 3 deletions b/‎src/http/controller/article.go
Lines changed: 10 additions & 3 deletions
diff --git a/‎src/http/controller/project.go
Lines changed: 13 additions & 4 deletions b/‎src/http/controller/project.go
Lines changed: 13 additions & 4 deletions
diff --git a/‎src/http/controller/resource.go
Lines changed: 10 additions & 3 deletions b/‎src/http/controller/resource.go
Lines changed: 10 additions & 3 deletions
diff --git a/‎src/http/controller/topic.go
Lines changed: 11 additions & 3 deletions b/‎src/http/controller/topic.go
Lines changed: 11 additions & 3 deletions
diff --git a/‎src/http/middleware/captcha.go
Lines changed: 43 additions & 0 deletions b/‎src/http/middleware/captcha.go
Lines changed: 43 additions & 0 deletions
diff --git a/‎src/logic/common.go
Lines changed: 59 additions & 1 deletion b/‎src/logic/common.go
Lines changed: 59 additions & 1 deletion
diff --git a/‎src/logic/observer.go
Lines changed: 3 additions & 0 deletions b/‎src/logic/observer.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/logic/uploader.go
Lines changed: 8 additions & 8 deletions b/‎src/logic/uploader.go
Lines changed: 8 additions & 8 deletions
@@ -61,7 +61,7 @@ func (self AccountController) Register(ctx echo.Context) error {
 	data := map[string]interface{}{
 		"username":  username,
 		"email":     ctx.FormValue("email"),
-		"captchaId": captcha.NewLen(4),
+		"captchaId": captcha.NewLen(util.CaptchaLen),
 	}
 
 	disallowUsers := config.ConfigFile.MustValueArray("account", "disallow_user", ",")
@@ -72,9 +72,11 @@ func (self AccountController) Register(ctx echo.Context) error {
 		}
 	}
 
+	captchaId := ctx.FormValue("captchaid")
 	// 校验验证码
-	if !captcha.VerifyString(ctx.FormValue("captchaid"), ctx.FormValue("captchaSolution")) {
-		data["error"] = "验证码错误"
+	if !captcha.VerifyString(captchaId, ctx.FormValue("captchaSolution")) {
+		data["error"] = "验证码错误，记得刷新验证码"
+		util.SetCaptcha(captchaId)
 		return render(ctx, registerTpl, data)
 	}
 
 
@@ -11,7 +11,9 @@ import (
 	"logic"
 	"net/http"
 	"strings"
+	"util"
 
+	"github.com/dchest/captcha"
 	"github.com/labstack/echo"
 	"github.com/polaris1119/echoutils"
 	"github.com/polaris1119/goutils"
@@ -38,7 +40,7 @@ func (self ArticleController) RegisterRoute(g *echo.Group) {
 
 	g.Get("/articles/:id", self.Detail)
 
-	g.Match([]string{"GET", "POST"}, "/articles/new", self.Create, middleware.NeedLogin(), middleware.Sensivite(), middleware.BalanceCheck(), middleware.PublishNotice())
+	g.Match([]string{"GET", "POST"}, "/articles/new", self.Create, middleware.NeedLogin(), middleware.Sensivite(), middleware.BalanceCheck(), middleware.PublishNotice(), middleware.CheckCaptcha())
 	g.Match([]string{"GET", "POST"}, "/articles/modify", self.Modify, middleware.NeedLogin(), middleware.Sensivite())
 }
 
@@ -146,16 +148,21 @@ func (ArticleController) Detail(ctx echo.Context) error {
 
 // Create 发布新文章
 func (ArticleController) Create(ctx echo.Context) error {
+	me := ctx.Get("user").(*model.Me)
+
 	title := ctx.FormValue("title")
 	if title == "" || ctx.Request().Method() != "POST" {
-		return render(ctx, "articles/new.html", map[string]interface{}{"activeArticles": "active"})
+		data := map[string]interface{}{"activeArticles": "active"}
+		if logic.NeedCaptcha(me) {
+			data["captchaId"] = captcha.NewLen(util.CaptchaLen)
+		}
+		return render(ctx, "articles/new.html", data)
 	}
 
 	if ctx.FormValue("content") == "" {
 		return fail(ctx, 1, "内容不能为空")
 	}
 
-	me := ctx.Get("user").(*model.Me)
 	id, err := logic.DefaultArticle.Publish(echoutils.WrapEchoContext(ctx), me, ctx.FormParams())
 	if err != nil {
 		return fail(ctx, 2, "内部服务错误")
 
@@ -10,7 +10,9 @@ import (
 	"http/middleware"
 	"logic"
 	"net/http"
+	"util"
 
+	"github.com/dchest/captcha"
 	"github.com/labstack/echo"
 	"github.com/polaris1119/goutils"
 
@@ -31,7 +33,7 @@ type ProjectController struct{}
 // 注册路由
 func (self ProjectController) RegisterRoute(g *echo.Group) {
 	g.GET("/projects", self.ReadList)
-	g.Match([]string{"GET", "POST"}, "/project/new", self.Create, middleware.NeedLogin(), middleware.Sensivite(), middleware.BalanceCheck(), middleware.PublishNotice())
+	g.Match([]string{"GET", "POST"}, "/project/new", self.Create, middleware.NeedLogin(), middleware.Sensivite(), middleware.BalanceCheck(), middleware.PublishNotice(), middleware.CheckCaptcha())
 	g.Match([]string{"GET", "POST"}, "/project/modify", self.Modify, middleware.NeedLogin(), middleware.Sensivite())
 	g.GET("/p/:uri", self.Detail)
 	g.GET("/project/uri", self.CheckExist)
@@ -71,15 +73,22 @@ func (ProjectController) ReadList(ctx echo.Context) error {
 
 // Create 新建项目
 func (ProjectController) Create(ctx echo.Context) error {
+	me := ctx.Get("user").(*model.Me)
+
 	name := ctx.FormValue("name")
 	// 请求新建项目页面
 	if name == "" || ctx.Request().Method() != "POST" {
 		project := &model.OpenProject{}
-		return render(ctx, "projects/new.html", map[string]interface{}{"project": project, "activeProjects": "active"})
+
+		data := map[string]interface{}{"project": project, "activeProjects": "active"}
+		if logic.NeedCaptcha(me) {
+			data["captchaId"] = captcha.NewLen(util.CaptchaLen)
+		}
+
+		return render(ctx, "projects/new.html", data)
 	}
 
-	user := ctx.Get("user").(*model.Me)
-	err := logic.DefaultProject.Publish(ctx, user, ctx.FormParams())
+	err := logic.DefaultProject.Publish(ctx, me, ctx.FormParams())
 	if err != nil {
 		return fail(ctx, 1, "内部服务错误！")
 	}
 
@@ -11,7 +11,9 @@ import (
 	"http/middleware"
 	"logic"
 	"net/http"
+	"util"
 
+	"github.com/dchest/captcha"
 	"github.com/labstack/echo"
 	"github.com/polaris1119/goutils"
 
@@ -33,7 +35,7 @@ func (self ResourceController) RegisterRoute(g *echo.Group) {
 	g.GET("/resources", self.ReadList)
 	g.GET("/resources/cat/:catid", self.ReadCatResources)
 	g.GET("/resources/:id", self.Detail)
-	g.Match([]string{"GET", "POST"}, "/resources/new", self.Create, middleware.NeedLogin(), middleware.Sensivite(), middleware.BalanceCheck(), middleware.PublishNotice())
+	g.Match([]string{"GET", "POST"}, "/resources/new", self.Create, middleware.NeedLogin(), middleware.Sensivite(), middleware.BalanceCheck(), middleware.PublishNotice(), middleware.CheckCaptcha())
 	g.Match([]string{"GET", "POST"}, "/resources/modify", self.Modify, middleware.NeedLogin(), middleware.Sensivite())
 }
 
@@ -96,10 +98,16 @@ func (ResourceController) Detail(ctx echo.Context) error {
 
 // Create 发布新资源
 func (ResourceController) Create(ctx echo.Context) error {
+	me := ctx.Get("user").(*model.Me)
+
 	title := ctx.FormValue("title")
 	// 请求新建资源页面
 	if title == "" || ctx.Request().Method() != "POST" {
-		return render(ctx, "resources/new.html", map[string]interface{}{"activeResources": "active", "categories": logic.AllCategory})
+		data := map[string]interface{}{"activeResources": "active", "categories": logic.AllCategory}
+		if logic.NeedCaptcha(me) {
+			data["captchaId"] = captcha.NewLen(util.CaptchaLen)
+		}
+		return render(ctx, "resources/new.html", data)
 	}
 
 	errMsg := ""
@@ -117,7 +125,6 @@ func (ResourceController) Create(ctx echo.Context) error {
 		return fail(ctx, 1, errMsg)
 	}
 
-	me := ctx.Get("user").(*model.Me)
 	err := logic.DefaultResource.Publish(ctx, me, ctx.FormParams())
 	if err != nil {
 		return fail(ctx, 2, "内部服务错误，请稍候再试！")
 
@@ -13,9 +13,11 @@ import (
 	"model"
 	"net/http"
 	"strconv"
+	"util"
 
 	. "http"
 
+	"github.com/dchest/captcha"
 	"github.com/labstack/echo"
 	"github.com/polaris1119/goutils"
 )
@@ -39,7 +41,7 @@ func (self TopicController) RegisterRoute(g *echo.Group) {
 	g.GET("/go/:node", self.GoNodeTopics)
 	g.GET("/nodes", self.Nodes)
 
-	g.Match([]string{"GET", "POST"}, "/topics/new", self.Create, middleware.NeedLogin(), middleware.Sensivite(), middleware.BalanceCheck(), middleware.PublishNotice())
+	g.Match([]string{"GET", "POST"}, "/topics/new", self.Create, middleware.NeedLogin(), middleware.Sensivite(), middleware.BalanceCheck(), middleware.PublishNotice(), middleware.CheckCaptcha())
 	g.Match([]string{"GET", "POST"}, "/topics/modify", self.Modify, middleware.NeedLogin(), middleware.Sensivite())
 
 	g.POST("/topics/set_top", self.SetTop, middleware.NeedLogin())
@@ -184,6 +186,8 @@ func (TopicController) Detail(ctx echo.Context) error {
 func (TopicController) Create(ctx echo.Context) error {
 	nid := goutils.MustInt(ctx.FormValue("nid"))
 
+	me := ctx.Get("user").(*model.Me)
+
 	title := ctx.FormValue("title")
 	// 请求新建主题页面
 	if title == "" || ctx.Request().Method() != "POST" {
@@ -194,6 +198,11 @@ func (TopicController) Create(ctx echo.Context) error {
 			"nid":          nid,
 			"tab_list":     hotNodes,
 		}
+
+		if logic.NeedCaptcha(me) {
+			data["captchaId"] = captcha.NewLen(util.CaptchaLen)
+		}
+
 		hadRecommend := false
 		if len(logic.AllRecommendNodes) > 0 {
 			hadRecommend = true
@@ -212,10 +221,9 @@ func (TopicController) Create(ctx echo.Context) error {
 		return fail(ctx, 1, "没有选择节点！")
 	}
 
-	me := ctx.Get("user").(*model.Me)
 	tid, err := logic.DefaultTopic.Publish(ctx, me, ctx.FormParams())
 	if err != nil {
-		return fail(ctx, 1, "内部服务错误:"+err.Error())
+		return fail(ctx, 3, "内部服务错误:"+err.Error())
 	}
 
 	return success(ctx, map[string]interface{}{"tid": tid})
 
@@ -0,0 +1,43 @@
+// Copyright 2016 The StudyGolang Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// http://studygolang.com
+// Author: polaris	[email protected]
+
+package middleware
+
+import (
+	"logic"
+	"model"
+	"net/http"
+	"util"
+
+	"github.com/dchest/captcha"
+	"github.com/labstack/echo"
+)
+
+// CheckCaptcha 用于 echo 框架校验发布验证码
+func CheckCaptcha() echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(ctx echo.Context) error {
+
+			curUser := ctx.Get("user").(*model.Me)
+
+			if ctx.Request().Method() == "POST" {
+				if logic.NeedCaptcha(curUser) {
+					captchaId := ctx.FormValue("captchaid")
+					if !captcha.VerifyString(captchaId, ctx.FormValue("captchaSolution")) {
+						util.SetCaptcha(captchaId)
+						return ctx.String(http.StatusOK, `{"ok":0,"error":"验证码错误，记得刷新验证码！"}`)
+					}
+				}
+			}
+
+			if err := next(ctx); err != nil {
+				return err
+			}
+
+			return nil
+		}
+	}
+}
@@ -12,11 +12,15 @@ import (
 	"model"
 	"os"
 	"regexp"
+	"strconv"
 	"time"
 	"util"
 
 	"github.com/gorilla/schema"
+	"github.com/polaris1119/goutils"
 	"github.com/polaris1119/logger"
+	"github.com/polaris1119/nosql"
+	"github.com/polaris1119/times"
 	"golang.org/x/net/context"
 )
 
@@ -66,7 +70,7 @@ func CanEdit(me *model.Me, curModel interface{}) bool {
 		return false
 	}
 
-	canEditTime := time.Duration(UserSetting["can_edit_time"]) * time.Second
+	canEditTime := time.Duration(UserSetting[model.KeyCanEditTime]) * time.Second
 	switch entity := curModel.(type) {
 	case *model.Topic:
 		if me.Uid != entity.Uid && me.IsAdmin && roleCanEdit(model.TopicAdmin, me) {
@@ -206,6 +210,60 @@ func CanPublish(dauAuth, objtype int) bool {
 	}
 }
 
+// NeedCaptcha 是否需要验证码：
+//  - 新客注册后一段时间内需要
+//  - 发布内容太频繁（一天次数太多、间隔太快）
+func NeedCaptcha(user *model.Me) bool {
+	// 注册后 30 分钟内发布需要验证码
+	if user.CreatedAt.Add(30 * time.Minute).After(time.Now()) {
+		return true
+	}
+
+	// 发布内容是否太频繁
+	redis := nosql.NewRedisFromPool()
+	defer redis.Close()
+
+	publishTimes := redis.GET(getPublishTimesKey(user.Uid))
+	if goutils.MustInt(publishTimes) > UserSetting[model.KeyPublishTimes] {
+		return true
+	}
+
+	lastTimestampStr := redis.GET(getLastPublishTimeKey(user.Uid))
+	lastTimestamp := goutils.MustInt64(lastTimestampStr)
+	if time.Now().Unix()-lastTimestamp < int64(UserSetting[model.KeyPublishInterval]) {
+		return true
+	}
+
+	return false
+}
+
+// incrPublishTimes 增加用户发布次数
+func incrPublishTimes(uid int) {
+	redis := nosql.NewRedisFromPool()
+	defer redis.Close()
+
+	key := getPublishTimesKey(uid)
+	redis.INCR(key)
+	redis.EXPIRE(key, 86401)
+}
+
+// recordLastPubishTime 记录用户上次发布时间
+func recordLastPubishTime(uid int) {
+	redis := nosql.NewRedisFromPool()
+	defer redis.Close()
+
+	key := getLastPublishTimeKey(uid)
+	redis.SET(key, time.Now().Unix(), 86400)
+}
+
+func getPublishTimesKey(uid int) string {
+	return "publish:times:user:" + strconv.Itoa(uid) + ":date:" + times.Format("Ymd")
+}
+
+func getLastPublishTimeKey(uid int) string {
+	return "last:publish:time:user:" + strconv.Itoa(uid)
+}
+
 func website() string {
 	host := "http://"
 	if WebsiteSetting.OnlyHttps {
 
@@ -145,6 +145,9 @@ func (*TodayActiveObserver) Update(action string, uid, objtype, objid int) {
 	switch action {
 	case actionPublish:
 		weight = 20
+		// 记录当天发布次数和上次发布时时间
+		incrPublishTimes(uid)
+		recordLastPubishTime(uid)
 	case actionModify:
 		weight = 2
 	case actionComment:
 
@@ -89,10 +89,10 @@ func (this *UploaderLogic) uploadLocalFile(localFile, key string) (err error) {
 
 	var ret io.PutRet
 	var extra = &io.PutExtra{
-	// Params:   params,
-	// MimeType: mieType,
-	// Crc32:    crc32,
-	// CheckCrc: CheckCrc,
+		// Params:   params,
+		// MimeType: mieType,
+		// Crc32:    crc32,
+		// CheckCrc: CheckCrc,
 	}
 
 	// ret       变量用于存取返回的信息，详情见 io.PutRet
@@ -119,10 +119,10 @@ func (this *UploaderLogic) uploadMemoryFile(r gio.Reader, key string, size int)
 
 	var ret io.PutRet
 	var extra = &io.PutExtra{
-	// Params:   params,
-	// MimeType: mieType,
-	// Crc32:    crc32,
-	// CheckCrc: CheckCrc,
+		// Params:   params,
+		// MimeType: mieType,
+		// Crc32:    crc32,
+		// CheckCrc: CheckCrc,
 	}
 
 	// ret       变量用于存取返回的信息，详情见 io.PutRet
Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ func (self AccountController) Register(ctx echo.Context) error {`
`61`	`61`	`data := map[string]interface{}{`
`62`	`62`	`"username": username,`
`63`	`63`	`"email": ctx.FormValue("email"),`
`64`		`- "captchaId": captcha.NewLen(4),`
	`64`	`+ "captchaId": captcha.NewLen(util.CaptchaLen),`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`disallowUsers := config.ConfigFile.MustValueArray("account", "disallow_user", ",")`
`@@ -72,9 +72,11 @@ func (self AccountController) Register(ctx echo.Context) error {`
`72`	`72`	`}`
`73`	`73`	`}`
`74`	`74`
	`75`	`+ captchaId := ctx.FormValue("captchaid")`
`75`	`76`	`// 校验验证码`
`76`		`- if !captcha.VerifyString(ctx.FormValue("captchaid"), ctx.FormValue("captchaSolution")) {`
`77`		`- data["error"] = "验证码错误"`
	`77`	`+ if !captcha.VerifyString(captchaId, ctx.FormValue("captchaSolution")) {`
	`78`	`+ data["error"] = "验证码错误，记得刷新验证码"`
	`79`	`+ util.SetCaptcha(captchaId)`
`78`	`80`	`return render(ctx, registerTpl, data)`
`79`	`81`	`}`
`80`	`82`