feat: Tailscale/本机IP白名单,免受防爆破封禁
This commit is contained in:
@@ -439,6 +439,13 @@ const AUTH_FAIL_MAX = 3;
|
|||||||
const authFailures = new Map(); // ip -> [timestamp, ...]
|
const authFailures = new Map(); // ip -> [timestamp, ...]
|
||||||
let bannedIPs = new Set();
|
let bannedIPs = new Set();
|
||||||
|
|
||||||
|
// Tailscale / loopback whitelist — never ban these IPs
|
||||||
|
function isWhitelistedIP(ip) {
|
||||||
|
if (!ip) return false;
|
||||||
|
const cleaned = ip.replace(/^::ffff:/, '');
|
||||||
|
return cleaned === '127.0.0.1' || cleaned === '::1' || cleaned.startsWith('100.');
|
||||||
|
}
|
||||||
|
|
||||||
function loadBannedIPs() {
|
function loadBannedIPs() {
|
||||||
try {
|
try {
|
||||||
if (fs.existsSync(BANNED_IPS_PATH)) {
|
if (fs.existsSync(BANNED_IPS_PATH)) {
|
||||||
@@ -461,7 +468,7 @@ function getClientIP(ws) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function recordAuthFailure(ip) {
|
function recordAuthFailure(ip) {
|
||||||
if (!ip) return false;
|
if (!ip || isWhitelistedIP(ip)) return false;
|
||||||
const now = Date.now();
|
const now = Date.now();
|
||||||
let list = authFailures.get(ip) || [];
|
let list = authFailures.get(ip) || [];
|
||||||
list.push(now);
|
list.push(now);
|
||||||
|
|||||||
Reference in New Issue
Block a user