feat: add account locking and rate limit

2026-06-17 14:06:28 +00:00 · 2026-01-06 22:02:58 +08:00
parent 105029a9f4
commit 9295e7c7be
7 changed files with 180 additions and 2 deletions
@@ -13,11 +13,13 @@ from backend.schemas.auth import (
 )
 from backend.services.auth_service import AuthService
 from backend.exceptions import BusinessLogicError
+from backend.limiter import limiter

 router = APIRouter()


@router.post("/request_qrcode", response_model=dict, summary="请求 QQ 扫码二维码")
+@limiter.limit("10/minute")  # 每分钟最多10次请求
 async def request_qrcode(
    request_obj: QRCodeRequest,
    req: Request,
@@ -156,8 +158,10 @@ async def verify_token(


@router.post("/alias_login", response_model=dict, summary="别名+密码登录")
+@limiter.limit("5/minute")  # 每分钟最多5次登录尝试
 async def alias_login(
    request: AliasLoginRequest,
+    req: Request,
    db: Session = Depends(get_db)
 ):
    """