Captcha (#1329)

* feat: #807 自定义验证码开关，可以自行配置

* 添加数据库列表支持：SQL SERVER

* [user.vue]: 新增邮箱手机合法性校验，邮箱手机非必填

* [menu.js]: 修复错误的API注释

* 调整配置文件 是其可以支持oracle和mssql

Co-authored-by: Yexk <yexk@yexk.cn>
Co-authored-by: 逆光飞翔 <191180776@qq.com>
Co-authored-by: chenteng <cc17854330572@163.com>

server/api/v1/system/sys_user.go

@@ -2,6 +2,7 @@ package system
 
 import (
 	"strconv"
+	"time"
 
 	"github.com/flipped-aurora/gin-vue-admin/server/global"
 	"github.com/flipped-aurora/gin-vue-admin/server/model/common/request"
@@ -26,6 +27,8 @@ import (
 func (b *BaseApi) Login(c *gin.Context) {
 	var l systemReq.Login
 	err := c.ShouldBindJSON(&l)
+	key := c.ClientIP()
+
 	if err != nil {
 		response.FailWithMessage(err.Error(), c)
 		return
@@ -35,22 +38,42 @@ func (b *BaseApi) Login(c *gin.Context) {
 		response.FailWithMessage(err.Error(), c)
 		return
 	}
-	if store.Verify(l.CaptchaId, l.Captcha, true) {
+
+	// 判断验证码是否开启
+	openCaptcha := global.GVA_CONFIG.Captcha.OpenCaptcha               // 是否开启防爆次数
+	openCaptchaTimeOut := global.GVA_CONFIG.Captcha.OpenCaptchaTimeOut // 缓存超时时间
+	v, ok := global.BlackCache.Get(key)
+	if !ok {
+		global.BlackCache.Set(key, 1, time.Second*time.Duration(openCaptchaTimeOut))
+	}
+
+	var oc bool
+	if openCaptcha == 0 || openCaptcha < interfaceToInt(v) {
+		oc = true
+	}
+
+	if !oc || store.Verify(l.CaptchaId, l.Captcha, true) {
 		u := &system.SysUser{Username: l.Username, Password: l.Password}
 		user, err := userService.Login(u)
 		if err != nil {
 			global.GVA_LOG.Error("登陆失败! 用户名不存在或者密码错误!", zap.Error(err))
+			// 验证码次数+1
+			global.BlackCache.Increment(key, 1)
 			response.FailWithMessage("用户名不存在或者密码错误", c)
 			return
 		}
 		if user.Enable != 1 {
 			global.GVA_LOG.Error("登陆失败! 用户被禁止登录!")
+			// 验证码次数+1
+			global.BlackCache.Increment(key, 1)
 			response.FailWithMessage("用户被禁止登录", c)
 			return
 		}
 		b.TokenNext(c, *user)
 		return
 	}
+	// 验证码次数+1
+	global.BlackCache.Increment(key, 1)
 	response.FailWithMessage("验证码错误", c)
 }