feat: Tailscale/本机IP白名单,免受防爆破封禁

This commit is contained in:
cc-dan
2026-03-16 05:20:40 +00:00
parent 6d5b8a98fd
commit 5c89bff357

View File

@@ -439,6 +439,13 @@ const AUTH_FAIL_MAX = 3;
const authFailures = new Map(); // ip -> [timestamp, ...]
let bannedIPs = new Set();
// Tailscale / loopback whitelist — never ban these IPs
function isWhitelistedIP(ip) {
if (!ip) return false;
const cleaned = ip.replace(/^::ffff:/, '');
return cleaned === '127.0.0.1' || cleaned === '::1' || cleaned.startsWith('100.');
}
function loadBannedIPs() {
try {
if (fs.existsSync(BANNED_IPS_PATH)) {
@@ -461,7 +468,7 @@ function getClientIP(ws) {
}
function recordAuthFailure(ip) {
if (!ip) return false;
if (!ip || isWhitelistedIP(ip)) return false;
const now = Date.now();
let list = authFailures.get(ip) || [];
list.push(now);