fix: round 10 critical fixes - WebSocket race, rate limiting, XSS protection, Caddyfile, and input validation
@@ -53,6 +53,30 @@ func (rl *RateLimiter) Handler() gin.HandlerFunc {
|
||||
}
|
||||
}
|
||||
|
||||
// HandlerWithKey 返回按自定义 key 限流的中间件(如 IP + 端点组合)
|
||||
func (rl *RateLimiter) HandlerWithKey(keyFn func(c *gin.Context) string) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
key := keyFn(c)
|
||||
|
||||
if !rl.allow(key) {
|
||||
c.JSON(http.StatusTooManyRequests, gin.H{
|
||||
"error": "请求过于频繁,请稍后再试",
|
||||
})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
// AuthIPKey 返回按 IP + 端点限流的 key(用于认证端点)
|
||||
func AuthIPKey(endpoint string) func(c *gin.Context) string {
|
||||
return func(c *gin.Context) string {
|
||||
return "auth_" + endpoint + "_" + c.ClientIP()
|
||||
}
|
||||
}
|
||||
|
||||
func (rl *RateLimiter) allow(key string) bool {
|
||||
rl.mu.Lock()
|
||||
defer rl.mu.Unlock()
|
||||
|
||||
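Review bot: `AuthIPKey` builds the bucket key from `c.ClientIP()`, which gin derives from forwarded headers (`X-Forwarded-For`, `X-Real-IP`) whenever the immediate peer counts as a trusted proxy, so the auth limiter is only as strong as the engine's proxy configuration. The router setup is not in this hunk, but the commit title mentions a Caddyfile. If `SetTrustedProxies` is not restricted to that front proxy, the key is effectively client-controlled; in the opposite misconfiguration every user shares the proxy's address and one noisy client throttles everyone. I would record the requirement on the function, e.g. `// AuthIPKey keys on c.ClientIP(); the engine must call SetTrustedProxies with only the front proxy's address, otherwise the key follows a client-supplied header.` In `HandlerWithKey`, an empty string from `keyFn` puts all such requests into one shared bucket, and the 429 branch could be the single call `c.AbortWithStatusJSON(http.StatusTooManyRequests, gin.H{...})`. The body of `allow` continues past the end of the hunk, so whether per-key entries are ever evicted from the limiter's state cannot be judged from here.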