chore(otp): raise per-IP send-otp limit from 5 to 100 / 5min
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 2m59s
放宽同一出口 IP 5 分钟内可发送的验证码次数,避免办公网 / 校园网 / NAT 下多个真实用户互相挤掉配额。单手机号 60s 限频不变。 注意:当前 REDIS_URL 未配置,限流走进程内 Map,多副本部署时该阈值 按 pod 各自计数,实际放大为 N × 100。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
parent
9772ba88ae
commit
85cf284848
@ -14,7 +14,7 @@ const Body = z.object({
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* POST /api/auth/send-otp
|
* POST /api/auth/send-otp
|
||||||
* 发送短信验证码 · 单手机号 60s 限频 / 单 IP 5 分钟 5 次
|
* 发送短信验证码 · 单手机号 60s 限频 / 单 IP 5 分钟 100 次
|
||||||
*/
|
*/
|
||||||
export async function POST(req: NextRequest) {
|
export async function POST(req: NextRequest) {
|
||||||
try {
|
try {
|
||||||
@ -31,7 +31,7 @@ export async function POST(req: NextRequest) {
|
|||||||
}
|
}
|
||||||
const ip = await getClientIp();
|
const ip = await getClientIp();
|
||||||
if (ip) {
|
if (ip) {
|
||||||
const ipRl = await rateLimit(`otp:ip:${ip}`, 300, 5);
|
const ipRl = await rateLimit(`otp:ip:${ip}`, 300, 100);
|
||||||
if (!ipRl.allowed) return ERR.RATE_LIMITED();
|
if (!ipRl.allowed) return ERR.RATE_LIMITED();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
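Review bot: With the new `rateLimit(..., 300, 100)` call in the second hunk, a single source address can request codes for up to 100 different phone numbers every five minutes, because the unchanged 60s per-number limit only bounds repeats to the same number; the commit message adds that without REDIS_URL the count is kept per pod, so the effective ceiling is higher still. Nothing visible in this hunk compensates for that, so consider pairing the higher short-window limit with a longer-window per-IP cap (hourly or daily) or a challenge step once a lower threshold is passed, and log each time the limit trips so SMS-cost abuse shows up in monitoring. The `if (ip)` guard also skips the limit entirely when `getClientIp()` returns nothing; keying the limiter on `ip ?? 'unknown'` would put those requests in one shared bucket instead of leaving them unlimited. How `getClientIp()` derives the address is not shown here, so confirm it only trusts forwarding headers set by your own proxy. POST's body continues outside the hunk.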