IP 黑名单

polaris1119 · polaris1119 · commit d6db8969dc8a · 2018-10-20T19:47:27.000+08:00
diff --git a/config/db.sql b/config/db.sql
@@ -115,6 +115,7 @@ CREATE TABLE IF NOT EXISTS `user_login` (
   `username` varchar(20) NOT NULL COMMENT '用户名',
   `passcode` char(12) NOT NULL DEFAULT '' COMMENT '加密随机数',
   `passwd` char(32) NOT NULL DEFAULT '' COMMENT 'md5密码',
+  `login_ip` varchar(31) NOT NULL DEFAULT '' COMMENT '最后登录 IP',
   `login_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '最后一次登录时间（主动登录或cookie登录）',
   PRIMARY KEY (`uid`),
   UNIQUE KEY (`username`),
diff --git a/src/http/controller/admin/user.go b/src/http/controller/admin/user.go
@@ -8,6 +8,7 @@ package admin
 
 import (
 	"logic"
+	"model"
 
 	"github.com/labstack/echo"
 	"github.com/polaris1119/goutils"
@@ -21,6 +22,7 @@ func (self UserController) RegisterRoute(g *echo.Group) {
 	g.POST("/user/user/query.html", self.UserQuery)
 	g.GET("/user/user/detail", self.Detail)
 	g.POST("/user/user/modify", self.Modify)
+	g.POST("/user/user/add_black", self.AddBlack)
 }
 
 // UserList 所有用户（分页）
@@ -78,3 +80,16 @@ func (UserController) Modify(ctx echo.Context) error {
 	}
 	return success(ctx, nil)
 }
+
+func (UserController) AddBlack(ctx echo.Context) error {
+	uid := goutils.MustInt(ctx.FormValue("uid"))
+	err := logic.DefaultUser.UpdateUserStatus(ctx, uid, model.UserStatusOutage)
+	if err != nil {
+		return fail(ctx, 1, err.Error())
+	}
+
+	// 获取用户上次登录 IP
+	logic.DefaultRisk.AddBlackIPByUID(uid)
+
+	return success(ctx, nil)
+}
diff --git a/src/http/middleware/login.go b/src/http/middleware/login.go
@@ -21,6 +21,9 @@ import (
 
 	"github.com/gorilla/context"
 	"github.com/labstack/echo"
+	"github.com/polaris1119/goutils"
+
+	netcontext "golang.org/x/net/context"
 )
 
 // AutoLogin 用于 echo 框架的自动登录和通过 cookie 获取用户信息
@@ -33,9 +36,16 @@ func AutoLogin() echo.MiddlewareFunc {
 			ctx.Set("req_start_time", time.Now())
 
 			var getCurrentUser = func(usernameOrId interface{}) {
+				ip := goutils.RemoteIp(Request(ctx))
+				// IP 黑名单，不让登录
+				if logic.DefaultRisk.IsBlackIP(ip) {
+					return
+				}
+
 				if db.MasterDB != nil {
+					valCtx := netcontext.WithValue(ctx, "ip", ip)
 					// TODO: 考虑缓存，或延迟查询，避免每次都查询
-					user := logic.DefaultUser.FindCurrentUser(ctx, usernameOrId)
+					user := logic.DefaultUser.FindCurrentUser(valCtx, usernameOrId)
 					if user.Uid != 0 {
 						ctx.Set("user", user)
 
diff --git a/src/http/middleware/sensitive.go b/src/http/middleware/sensitive.go
@@ -14,7 +14,9 @@ import (
 	"model"
 
 	"github.com/labstack/echo"
+	"github.com/labstack/echo/engine/standard"
 	"github.com/polaris1119/config"
+	"github.com/polaris1119/goutils"
 	"github.com/polaris1119/logger"
 )
 
@@ -43,6 +45,8 @@ func Sensivite() echo.MiddlewareFunc {
 						// 把账号冻结
 						logic.DefaultUser.UpdateUserStatus(ctx, user.Uid, model.UserStatusFreeze)
 						logger.Infoln("user=", user.Uid, "publish ad, title=", title, ". freeze")
+						// IP 加入黑名单
+						addBlackIP(ctx)
 						return ctx.String(http.StatusOK, `{"ok":0,"error":"对不起，您的账号已被冻结！"}`)
 					}
 				}
@@ -52,6 +56,8 @@ func Sensivite() echo.MiddlewareFunc {
 				// 把账号冻结
 				logic.DefaultUser.UpdateUserStatus(ctx, user.Uid, model.UserStatusFreeze)
 				logger.Infoln("user=", user.Uid, "publish ad, title=", title, ";content=", content, ". freeze")
+				// IP 加入黑名单
+				addBlackIP(ctx)
 				return ctx.String(http.StatusOK, `{"ok":0,"error":"对不起，您的账号已被冻结！"}`)
 			}
 
@@ -97,3 +103,11 @@ func hasSensitiveChar(title, sensitive string) bool {
 
 	return true
 }
+
+func addBlackIP(ctx echo.Context) {
+	req := ctx.Request().(*standard.Request).Request
+
+	ip := goutils.RemoteIp(req)
+
+	logic.DefaultRisk.AddBlackIP(ip)
+}
diff --git a/src/logic/risk.go b/src/logic/risk.go
@@ -0,0 +1,56 @@
+// Copyright 2016 The StudyGolang Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// http://studygolang.com
+// Author:polaris	polaris@studygolang.com
+
+package logic
+
+import (
+	. "db"
+	"model"
+
+	"github.com/polaris1119/nosql"
+)
+
+type RiskLogic struct{}
+
+var DefaultRisk = RiskLogic{}
+
+// AddBlackIP 加入 IP 黑名单
+func (RiskLogic) AddBlackIP(ip string) error {
+	redisClient := nosql.NewRedisClient()
+	defer redisClient.Close()
+
+	key := "black:ip"
+	return redisClient.HSET(key, ip, "1")
+}
+
+// AddBlackIPByUID 通过用户 UID 将最后一次登录 IP 加入黑名单
+func (self RiskLogic) AddBlackIPByUID(uid int) error {
+	userLogin := &model.UserLogin{}
+	_, err := MasterDB.Where("uid=?", uid).Get(userLogin)
+	if err != nil {
+		return err
+	}
+
+	if userLogin.LoginIp != "" {
+		return self.AddBlackIP(userLogin.LoginIp)
+	}
+
+	return nil
+}
+
+// IsBlackIP 是否是 IP 黑名单
+func (RiskLogic) IsBlackIP(ip string) bool {
+	redisClient := nosql.NewRedisClient()
+	defer redisClient.Close()
+
+	key := "black:ip"
+	val, err := redisClient.HGET(key, ip)
+	if err != nil {
+		return false
+	}
+
+	return val == "1"
+}
diff --git a/src/logic/searcher.go b/src/logic/searcher.go
@@ -58,7 +58,7 @@ func (self SearcherLogic) IndexingArticle(isAll bool) {
 		if isAll {
 			err = MasterDB.Where("id>?", id).Limit(self.maxRows).OrderBy("id ASC").Find(&articleList)
 		} else {
-			timeAgo := time.Now().Add(-5 * time.Minute).Format("2006-01-02 15:04:05")
+			timeAgo := time.Now().Add(-2 * time.Minute).Format("2006-01-02 15:04:05")
 			err = MasterDB.Where("mtime>?", timeAgo).Find(&articleList)
 		}
 		if err != nil {
@@ -120,7 +120,7 @@ func (self SearcherLogic) IndexingTopic(isAll bool) {
 		if isAll {
 			err = MasterDB.Where("tid>?", id).OrderBy("tid ASC").Limit(self.maxRows).Find(&topicList)
 		} else {
-			timeAgo := time.Now().Add(-5 * time.Minute).Format("2006-01-02 15:04:05")
+			timeAgo := time.Now().Add(-2 * time.Minute).Format("2006-01-02 15:04:05")
 			err = MasterDB.Where("mtime>?", timeAgo).Find(&topicList)
 		}
 		if err != nil {
@@ -189,7 +189,7 @@ func (self SearcherLogic) IndexingResource(isAll bool) {
 		if isAll {
 			err = MasterDB.Where("id>?", id).OrderBy("id ASC").Limit(self.maxRows).Find(&resourceList)
 		} else {
-			timeAgo := time.Now().Add(-5 * time.Minute).Format("2006-01-02 15:04:05")
+			timeAgo := time.Now().Add(-2 * time.Minute).Format("2006-01-02 15:04:05")
 			err = MasterDB.Where("mtime>?", timeAgo).Find(&resourceList)
 		}
 		if err != nil {
@@ -256,7 +256,7 @@ func (self SearcherLogic) IndexingOpenProject(isAll bool) {
 		if isAll {
 			err = MasterDB.Where("id>?", id).OrderBy("id ASC").Limit(self.maxRows).Find(&projectList)
 		} else {
-			timeAgo := time.Now().Add(-5 * time.Minute).Format("2006-01-02 15:04:05")
+			timeAgo := time.Now().Add(-2 * time.Minute).Format("2006-01-02 15:04:05")
 			err = MasterDB.Where("mtime>?", timeAgo).Find(&projectList)
 		}
 		if err != nil {
diff --git a/src/logic/user.go b/src/logic/user.go
@@ -165,13 +165,15 @@ func (self UserLogic) Update(ctx context.Context, me *model.Me, form url.Values)
 }
 
 // UpdateUserStatus 更新用户状态
-func (UserLogic) UpdateUserStatus(ctx context.Context, uid, status int) {
+func (UserLogic) UpdateUserStatus(ctx context.Context, uid, status int) error {
 	objLog := GetLogger(ctx)
 
 	_, err := MasterDB.Table(new(model.User)).Id(uid).Update(map[string]interface{}{"status": status})
 	if err != nil {
 		objLog.Errorf("更新用户 【%d】 状态失败：%s", uid, err)
 	}
+
+	return err
 }
 
 // ChangeAvatar 更换头像
@@ -320,7 +322,8 @@ func (self UserLogic) FindCurrentUser(ctx context.Context, username interface{})
 	}
 
 	// TODO: 先每次都记录登录时间
-	go self.RecordLoginTime(user.Username)
+	ip := ctx.Value("ip")
+	go self.RecordLogin(user.Username, ip)
 
 	if user.IsRoot {
 		me.IsAdmin = true
@@ -425,7 +428,8 @@ func (self UserLogic) Login(ctx context.Context, username, passwd string) (*mode
 
 	go func() {
 		self.IncrUserWeight("uid", userLogin.Uid, 1)
-		self.RecordLoginTime(username)
+		ip := ctx.Value("ip")
+		self.RecordLogin(username, ip)
 	}()
 
 	return userLogin, nil
@@ -546,12 +550,18 @@ func (UserLogic) DecrUserWeight(field string, value interface{}, divide int) {
 	}
 }
 
-// RecordLoginTime 记录用户最后登录时间
-func (UserLogic) RecordLoginTime(username string) error {
+// RecordLogin 记录用户最后登录时间和 IP
+func (UserLogic) RecordLogin(username string, ipinter interface{}) error {
+	change := map[string]interface{}{
+		"login_time": time.Now(),
+	}
+	if ip, ok := ipinter.(string); ok && ip != "" {
+		change["login_ip"] = ip
+	}
 	_, err := MasterDB.Table(new(model.UserLogin)).Where("username=?", username).
-		Update(map[string]interface{}{"login_time": time.Now()})
+		Update(change)
 	if err != nil {
-		logger.Errorf("记录用户 %q 登录时间错误：%s", username, err)
+		logger.Errorf("记录用户 %q 登录错误：%s", username, err)
 	}
 	return err
 }
diff --git a/src/model/user.go b/src/model/user.go
@@ -20,10 +20,11 @@ import (
 type UserLogin struct {
 	Uid       int       `json:"uid" xorm:"pk"`
 	Username  string    `json:"username"`
+	Passcode  string    `json:"passcode"` // 加密随机串
 	Passwd    string    `json:"passwd"`
 	Email     string    `json:"email"`
+	LoginIp   string    `json:"login_ip"`
 	LoginTime time.Time `json:"login_time" xorm:"<-"`
-	Passcode  string    `json:"passcode"` // 加密随机串
 }
 
 func (this *UserLogin) TableName() string {
diff --git a/template/admin/user/query.html b/template/admin/user/query.html
@@ -25,6 +25,11 @@ <h4>总数：{{ .total }}</h4><br/>
 				<td>{{ .Ctime }}</td>
 				<td class="actions">
 					<a href="/admin/user/user/detail?uid={{ .Uid }}" target="_blank">详情</a>
+					<a data-type="ajax-submit" href="#"
+						ajax-action="/admin/user/user/add_black?uid={{ .Uid }}"
+						ajax-hint="是否确认要加黑？"
+						success-hint="加黑成功"
+						callback="delCallback">加黑</a>
 				</td>
 			</tr>
 		{{end}}
@@ -43,4 +48,4 @@ <h4>总数：{{ .total }}</h4><br/>
 <input type="hidden" id="cur_page" value="{{ .page }}"/>
 <input type="hidden" id="limit" value="{{ .limit }}"/>
 
-{{end}}
+{{end}}
diff --git a/template/cssjs/ckeditor.js.html b/template/cssjs/ckeditor.js.html
@@ -1,3 +1,3 @@
-<script type="text/javascript" src="//cdn.ckeditor.com/4.6.2/standard-all/ckeditor.js"></script>
+<script type="text/javascript" src="https://cdn.staticfile.org/ckeditor/4.6.2/ckeditor.js"></script>
 <script type="text/javascript" src="{{.static_domain}}/static/ckeditor/config.js"></script>
-<script type="text/javascript" src="{{.static_domain}}/static/ckeditor/article.js"></script>
+<script type="text/javascript" src="{{.static_domain}}/static/ckeditor/article.js"></script>
