save

src/controller/base.js

@@ -147,6 +147,18 @@ module.exports = class extends think.Controller {
     const codeConfig = smsConfig.code;
     const ip = this.ctx.ip || '';
 
+    // IP 发送频率限制（防止未登录接口被刷）
+    const ipHourKey = `sms:ip_hour:${ip}`;
+    const ipDayKey = `sms:ip_day:${ip}:${dayjs().format('YYYY-MM-DD')}`;
+    const ipHourCount = (await think.cache(ipHourKey)) || 0;
+    const ipDayCount = (await think.cache(ipDayKey)) || 0;
+    if (ipHourCount >= 10) {
+      return { success: false, message: '操作过于频繁，请稍后再试' };
+    }
+    if (ipDayCount >= 30) {
+      return { success: false, message: '今日操作次数已达上限' };
+    }
+
     // 检查发送频率
     const rateLimitKey = `sms:rate_limit:${mobile}:${bizType}`;
     const lastSendTime = await think.cache(rateLimitKey);
@@ -214,6 +226,9 @@ module.exports = class extends think.Controller {
     await think.cache(codeKey, code, { timeout: codeConfig.expireMinutes * 60 * 1000 });
     await think.cache(rateLimitKey, Date.now(), { timeout: codeConfig.intervalSeconds * 1000 });
     await think.cache(dailyKey, dailyCount + 1, { timeout: 24 * 60 * 60 * 1000 });
+    // 更新 IP 计数器
+    await think.cache(ipHourKey, ipHourCount + 1, { timeout: 60 * 60 * 1000 });
+    await think.cache(ipDayKey, ipDayCount + 1, { timeout: 24 * 60 * 60 * 1000 });
 
     return { success: true, message: '验证码已发送', code };
   }