Merge branch 'feature' of https://git.i2edu.net/packages/light-apiengine-feature into feature

utils/auth/light_auth.go

@@ -32,10 +32,19 @@ func (la *LightAuth) Login(c *entitys.CtrlContext) {
 	var user sysmodel.SysUser
 	ret, err := c.PlatformDbEngine.SQL(sysmodel.SqlUserLogin, logininfo.Account).Get(&user)
 	if ret && err == nil {
-		//TODO check password
+		// 输错密码5次，锁定账户10分钟不允许登录
+		if !sysutils.GetGlobalLoginCheck().CheckErrNum(user.LoginId) {
+			c.Ctx.JSON(200, sysmodel.SysReturn{400, "输错密码5次，锁定账户10分钟!", nil})
+			return
+		}
+
 		md5Pwd := sysutils.HashPassword(logininfo.Password, "")
 		//密码错误
 		if !strings.EqualFold(user.Password, md5Pwd) {
+			if !sysutils.GetGlobalLoginCheck().AddPwdErrNum(user.LoginId) {
+				c.Ctx.JSON(200, sysmodel.SysReturn{400, "输错密码5次，锁定账户10分钟!", nil})
+				return
+			}
 			c.Ctx.JSON(200, sysmodel.SysReturn{400, "password incorrect!", nil})
 			return
 		}

utils/pwd.go

@@ -10,10 +10,24 @@ import (
 	"encoding/base64"
 	"encoding/hex"
 	"git.qianqiusoft.com/qianqiusoft/light-apiengine/config"
-
 	"git.qianqiusoft.com/qianqiusoft/light-apiengine/logs"
 )
 
+type LoginCheck interface {
+	AddPwdErrNum(string) bool
+	CheckErrNum(string) bool
+}
+
+var globalLoginCheck LoginCheck
+
+func GetGlobalLoginCheck() LoginCheck {
+	return globalLoginCheck
+}
+
+func SetGlobalLoginCheck(loginCheck LoginCheck) {
+	globalLoginCheck = loginCheck
+}
+
 func HashPassword(password, salt string) string {
 	h := md5.New()
 	enableDbSalt := config.AppConfig.GetBool("enable_db_salt", true)