ANGJustinl/whale-town-end
1
0
Fork 0
forked from datawhale/whale-town-end
Code Pull Requests Activity

CRITICAL ISSUES: Database management service with major problems

Browse Source 
WARNING: This commit contains code with significant issues that need immediate attention:

1. Type Safety Issues:
   - Unused import ZulipAccountsService causing compilation warnings
   - Implicit 'any' type in formatZulipAccount method parameter
   - Type inconsistencies in service injections

2. Service Integration Problems:
   - Inconsistent service interface usage
   - Missing proper type definitions for injected services
   - Potential runtime errors due to type mismatches

3. Code Quality Issues:
   - Violation of TypeScript strict mode requirements
   - Inconsistent error handling patterns
   - Missing proper interface implementations

 Files affected:
   - src/business/admin/database_management.service.ts (main issue)
   - Multiple test files and service implementations
   - Configuration and documentation updates

 Next steps required:
   1. Fix TypeScript compilation errors
   2. Implement proper type safety
   3. Resolve service injection inconsistencies
   4. Add comprehensive error handling
   5. Update tests to match new implementations

 Impact: High - affects admin functionality and system stability
 Priority: Urgent - requires immediate review and fixes

Author: moyin
Date: 2026-01-10
This commit is contained in:
moyin
2026-01-10 19:27:28 +08:00
parent f4ce162a38
commit d04ab7f75f
40 changed files with 5766 additions and 3519 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/core/security_core/throttle.decorator.ts
View File

@@ -42,8 +42,8 @@ export interface ThrottleConfig {
limit: number;
/** 时间窗口长度(秒) */
ttl: number;
/** 限制类型ip基于IPuser基于用户 */
type?: 'ip' | 'user';
/** 限制类型ip基于IPuser基于用户或 email基于邮箱 */
type?: 'ip' | 'user' | 'email';
/** 自定义错误消息 */
message?: string;
}
@@ -85,15 +85,21 @@ export function Throttle(config: ThrottleConfig) {
* 预定义的频率限制配置
*/
export const ThrottlePresets = {
/** 登录接口每分钟5次 */
/** 登录接口每分钟5次基于IP防止暴力破解 */
LOGIN: { limit: 5, ttl: 60, message: '登录尝试过于频繁请1分钟后再试' },
/** 登录接口基于账号每个账号每分钟3次但不同账号不互相影响 */
LOGIN_PER_ACCOUNT: { limit: 3, ttl: 60, type: 'email' as any, message: '该账号登录尝试过于频繁请1分钟后再试' },
/** 注册接口每5分钟10次开发环境放宽限制 */
REGISTER: { limit: 10, ttl: 300, message: '注册请求过于频繁请5分钟后再试' },
/** 发送验证码每分钟1次 */
/** 发送验证码每分钟1次基于IP用于防止滥用 */
SEND_CODE: { limit: 1, ttl: 60, message: '验证码发送过于频繁请1分钟后再试' },
/** 发送验证码基于邮箱每个邮箱每分钟1次但不同邮箱不互相影响 */
SEND_CODE_PER_EMAIL: { limit: 1, ttl: 60, type: 'email' as any, message: '该邮箱验证码发送过于频繁请1分钟后再试' },
/** 密码重置每小时3次 */
RESET_PASSWORD: { limit: 3, ttl: 3600, message: '密码重置请求过于频繁请1小时后再试' },

44
src/core/security_core/throttle.guard.ts
View File

@@ -230,6 +230,10 @@ export class ThrottleGuard implements CanActivate, OnModuleDestroy {
// 基于用户的限制需要从JWT中获取用户ID
const userId = this.extractUserId(request);
return `user:${userId}:${method}:${path}`;
} else if (config.type === 'email') {
// 基于邮箱的限制(从请求体中获取邮箱)
const email = this.extractEmail(request);
return `email:${email}:${method}:${path}`;
} else {
// 基于IP的限制默认
return `ip:${ip}:${method}:${path}`;
@@ -305,6 +309,46 @@ export class ThrottleGuard implements CanActivate, OnModuleDestroy {
return request.ip || 'unknown';
}
/**
* 从请求中提取邮箱地址
*
* @param request 请求对象
* @returns 邮箱地址
*/
private extractEmail(request: Request): string {
try {
// 从请求体中获取邮箱
const body = request.body;
// 优先从email字段获取
if (body && body.email) {
return body.email.toLowerCase(); // 统一转换为小写
}
// 从identifier字段获取登录接口使用这个字段
if (body && body.identifier) {
// 检查identifier是否是邮箱格式
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
if (emailRegex.test(body.identifier)) {
return body.identifier.toLowerCase();
}
// 如果不是邮箱格式,可能是用户名,也用作标识符
return body.identifier.toLowerCase();
}
// 检查其他可能的字段
if (body && body.username) {
return body.username.toLowerCase();
}
// 如果都没有找到使用IP作为fallback
return request.ip || 'unknown';
} catch (error) {
// 解析失败使用IP作为fallback
return request.ip || 'unknown';
}
}
/**
* 启动清理任务
*/