
feat(security): whitelist login control + rate limiting + login lockout #706

Closed
kill-money wants to merge 1 commit into openimsdk:main from kill-money:main

Conversation

@kill-money

Summary

  • Add whitelist_users MongoDB collection with full CRUD interface
  • Login RPC enforces whitelist check when whitelistLoginEnabled=1 config is set
  • In-memory IP rate limiter (60 req/min) and login failure lockout (5 failures → 5 min lock)
  • Admin HTTP routes /whitelist/{add,del,update,search} for managing whitelist entries (direct MongoDB, no gRPC changes)
  • Fix Dockerfile: replace pinned go get gomake@v0.0.14 with go mod download to use the version already required by magefile.go

Test plan

  • Enable whitelistLoginEnabled=1 in config, verify non-whitelisted users are blocked with error code 20012
  • Verify whitelisted users can log in normally
  • Verify disabled whitelist entries are blocked
  • Trigger 60+ requests/min from same IP and confirm 403 rate-limit response
  • Fail login 5 times with same identifier, confirm 5-minute lockout
  • Test /whitelist/add, /whitelist/search, /whitelist/update, /whitelist/del admin endpoints
  • Rebuild Docker image and confirm mage start succeeds without gomake version errors

🤖 Generated with Claude Code

- Add whitelist_users MongoDB collection and CRUD interface
- Hook whitelist validation into the Login RPC (whitelistLoginEnabled config switch)
- Add IP rate-limiting middleware (60 requests/min) and login-failure lockout (5 failures lock for 5 minutes)
- Add /whitelist CRUD HTTP routes on the admin side (bypassing gRPC, connecting to MongoDB directly)
- Fix the Dockerfile gomake version downgrade that caused mage build to fail

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
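The three login gates the summary describes (per-IP rate limit, failure lockout, whitelist check), as an added example in Go, the project's language. This is illustrative code written for this page, not the PR's implementation or anything from openimsdk. It takes only the numbers and names stated in the description (60 requests per minute per IP, 5 failures then a 5-minute lock, the whitelistLoginEnabled switch, the HTTP 403 and error code 20012 outcomes) and assumes everything else: the type and function names (Guard, NewGuard, AllowRequest, IsLocked, Login), a fixed-window counter as the rate-limiting algorithm, the order in which the checks run, the shape of the whitelist entries, and an injected authenticate callback standing in for the real credential check.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Limits taken from the PR summary; the code is an illustrative stand-in, not openimsdk's.
const (
	RateLimitPerMinute = 60
	RateWindow         = time.Minute
	MaxLoginFailures   = 5
	LockoutDuration    = 5 * time.Minute
)

type LoginResult int

const (
	LoginOK             LoginResult = iota
	LoginRateLimited                // the PR's test plan expects HTTP 403 here
	LoginLockedOut                  // 5 failures -> 5 minute lock
	LoginNotWhitelisted             // the PR's test plan expects error code 20012 here
	LoginBadCredentials
)

// Guard keeps all state in process memory, as the PR describes: counts are per replica
// and vanish on restart. The clock is injected so tests can advance time without sleeping.
type Guard struct {
	mu               sync.Mutex
	now              func() time.Time
	winStart         map[string]time.Time // per client IP: when the current window opened
	winCount         map[string]int       // per client IP: requests seen in that window
	failCount        map[string]int       // per login identifier: consecutive failures
	lockedUntil      map[string]time.Time // per login identifier: lock expiry (zero = none)
	WhitelistEnabled bool                 // stands in for the whitelistLoginEnabled=1 config
	Whitelist        map[string]bool      // identifier -> entry enabled? (assumed shape)
	authenticate     func(id, password string) bool
}

func NewGuard(now func() time.Time, auth func(id, password string) bool) *Guard {
	return &Guard{now: now, authenticate: auth, winStart: map[string]time.Time{}, winCount: map[string]int{},
		failCount: map[string]int{}, lockedUntil: map[string]time.Time{}, Whitelist: map[string]bool{}}
}

// AllowRequest is a fixed-window counter: at most RateLimitPerMinute requests per IP
// within RateWindow of the request that opened the window.
func (g *Guard) AllowRequest(ip string) bool {
	g.mu.Lock()
	defer g.mu.Unlock()
	now := g.now()
	if start, ok := g.winStart[ip]; !ok || now.Sub(start) >= RateWindow {
		g.winStart[ip], g.winCount[ip] = now, 0
	}
	g.winCount[ip]++
	return g.winCount[ip] <= RateLimitPerMinute
}

// IsLocked reports whether id is inside an active lockout.
func (g *Guard) IsLocked(id string) bool {
	g.mu.Lock()
	defer g.mu.Unlock()
	return g.now().Before(g.lockedUntil[id])
}

// Login runs the checks in an assumed order: rate limit, lockout, whitelist, credentials.
// Only a genuine credential failure counts toward the lockout.
func (g *Guard) Login(ip, id, password string) LoginResult {
	switch {
	case !g.AllowRequest(ip):
		return LoginRateLimited
	case g.IsLocked(id):
		return LoginLockedOut
	case g.WhitelistEnabled && !g.Whitelist[id]: // absent or disabled entry
		return LoginNotWhitelisted
	case !g.authenticate(id, password):
		g.mu.Lock()
		g.failCount[id]++ // the MaxLoginFailures-th consecutive failure starts a lock
		if g.failCount[id] >= MaxLoginFailures {
			g.lockedUntil[id], g.failCount[id] = g.now().Add(LockoutDuration), 0
		}
		g.mu.Unlock()
		return LoginBadCredentials
	}
	g.mu.Lock()
	delete(g.failCount, id) // a successful login clears the failure count
	g.mu.Unlock()
	return LoginOK
}

func main() {
	// Constructed demo credentials; a real service would compare password hashes.
	g := NewGuard(time.Now, func(id, pw string) bool { return id == "alice" && pw == "correct horse" })
	g.WhitelistEnabled, g.Whitelist["alice"] = true, true
	for i := 0; i < MaxLoginFailures; i++ {
		g.Login("203.0.113.5", "alice", "wrong")
	}
	fmt.Println(g.Login("203.0.113.5", "alice", "correct horse")) // 2 = LoginLockedOut
}
```

Two properties of this design are worth checking before relying on it in a deployment. Because the state lives in the process, as the PR's own description says, every replica of the login service counts independently and a restart clears all locks, so a fleet-wide limit needs a shared store. And because the lockout is keyed on the login identifier alone, anyone who knows a username can lock it for five minutes by sending five wrong passwords; tying the counter to the source IP as well, or using progressive delays instead of a hard lock, softens that.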
pull-request-size bot added the size/XL label (denotes a PR that changes 500-999 lines, ignoring generated files) on Mar 9, 2026
@github-actions
github-actions bot commented Mar 9, 2026

💕 Thank you for your contribution and please kindly read and sign our CLA. CLA Docs

I have read the CLA Document and I hereby sign the CLA

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@kill-money kill-money closed this Mar 9, 2026
@github-actions github-actions bot locked and limited conversation to collaborators Mar 9, 2026