From 52ffcc2fd6d02b3095438705f97e9eca8bed61c1 Mon Sep 17 00:00:00 2001
From: leiyun
Date: Sat, 28 Mar 2026 16:17:24 +0800
Subject: [PATCH] save
---
 src/controller/base.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/controller/base.js b/src/controller/base.js
index 7a2979b..d222bd5 100644
--- a/src/controller/base.js
+++ b/src/controller/base.js
@@ -147,6 +147,18 @@ module.exports = class extends think.Controller {
 const codeConfig = smsConfig.code;
 const ip = this.ctx.ip || '';
+ // IP 发送频率限制(防止未登录接口被刷)
+ const ipHourKey = `sms:ip_hour:${ip}`;
+ const ipDayKey = `sms:ip_day:${ip}:${dayjs().format('YYYY-MM-DD')}`;
+ const ipHourCount = (await think.cache(ipHourKey)) || 0;
+ const ipDayCount = (await think.cache(ipDayKey)) || 0;
+ if (ipHourCount >= 10) {
+ return { success: false, message: '操作过于频繁,请稍后再试' };
+ }
+ if (ipDayCount >= 30) {
+ return { success: false, message: '今日操作次数已达上限' };
+ }
+
 // 检查发送频率
 const rateLimitKey = `sms:rate_limit:${mobile}:${bizType}`;
 const lastSendTime = await think.cache(rateLimitKey);
@@ -214,6 +226,9 @@ module.exports = class extends think.Controller {
 await think.cache(codeKey, code, { timeout: codeConfig.expireMinutes * 60 * 1000 });
 await think.cache(rateLimitKey, Date.now(), { timeout: codeConfig.intervalSeconds * 1000 });
 await think.cache(dailyKey, dailyCount + 1, { timeout: 24 * 60 * 60 * 1000 });
+ // 更新 IP 计数器
+ await think.cache(ipHourKey, ipHourCount + 1, { timeout: 60 * 60 * 1000 });
+ await think.cache(ipDayKey, ipDayCount + 1, { timeout: 24 * 60 * 60 * 1000 });
 return { success: true, message: '验证码已发送', code };
 }
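Review bot: The per-IP keys in the first hunk are built from `ip`, which the context line just above sets to `this.ctx.ip || ''`, so every request with no resolved address shares the single bucket `sms:ip_hour:` and one client can exhaust the quota for all of them. The limit is also only as reliable as the way `ctx.ip` is derived: behind a reverse proxy it is presumably either the proxy's own address (one quota for the whole site) or a forwarded header the caller can set, so the proxy-trust configuration should be confirmed before relying on this check. I would handle the empty case explicitly and name the thresholds instead of the bare `10` and `30`, e.g. `const IP_HOUR_LIMIT = 10;` and `const IP_DAY_LIMIT = 30;`, or read them from `smsConfig` next to `codeConfig`. The enclosing method starts and ends outside the hunk.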
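Review bot: The counters written in the second hunk as `ipHourCount + 1` and `ipDayCount + 1` use values read at the top of the method, before the send, so parallel requests from one address all read the same count, all pass the check, and then overwrite each other with the same value. For the cap to hold under concurrency the increment has to be atomic, or the slot reserved before the SMS is sent; whether the cache backend behind `think.cache` offers an atomic increment is not visible here. Each write also restarts the one-hour timeout on `ipHourKey`, so the counter never expires while an address keeps sending and a slow but steady legitimate user is eventually locked out. Bucketing the key by hour, the way `ipDayKey` is bucketed by date, avoids that: `const ipHourKey = `sms:ip_hour:${ip}:${dayjs().format('YYYY-MM-DD-HH')}`;`.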