[pull] master from jeessy2:master

config/config.go

@@ -207,7 +207,7 @@ func (conf *Config) ResetPassword(newPassword string) {
 func (conf *Config) CheckPassword(newPassword string) (hashedPwd string, err error) {
 	var minEntropyBits float64 = 30
 	if conf.NotAllowWanAccess {
-		minEntropyBits = 20
+		minEntropyBits = 25
 	}
 	err = passwordvalidator.Validate(newPassword, minEntropyBits)
 	if err != nil {

go.mod

@@ -1,6 +1,6 @@
 module github.com/jeessy2/ddns-go/v6
 
-go 1.23.6
+go 1.23.12
 
 require (
 	github.com/kardianos/service v1.2.4

util/messages.go

@@ -110,7 +110,7 @@ func init() {
 	message.SetString(language.English, "%q 帐号密码不正确", "%q username or password is incorrect")
 	message.SetString(language.English, "%q 登录成功", "%q login successfully")
 	message.SetString(language.English, "用户名或密码错误", "Username or password is incorrect")
-	message.SetString(language.English, "登录失败次数过多，请等待 %d 分钟后再试", "Too many login failures, please try again after %d minutes")
+	message.SetString(language.English, "登录失败次数过多，请稍后再试", "Too many login failures, please try again later")
 	message.SetString(language.English, "用户名 %s 的密码已重置成功! 请重启ddns-go", "The password of username %s has been reset successfully! Please restart ddns-go")
 	message.SetString(language.English, "需在 %s 之前完成用户名密码设置,请重启ddns-go", "Need to complete the username and password setting before %s, please restart ddns-go")
 	message.SetString(language.English, "配置文件 %s 不存在, 可通过-c指定配置文件", "Config file %s does not exist, you can specify the configuration file through -c")

web/login.go

@@ -17,7 +17,7 @@ import (
 var loginEmbedFile embed.FS
 
 // CookieName cookie name
-var cookieName = "token"
+const cookieName = "token"
 
 // CookieInSystem only one cookie
 var cookieInSystem = &http.Cookie{}
@@ -26,7 +26,10 @@ var cookieInSystem = &http.Cookie{}
 var startTime = time.Now()
 
 // 保存限制时间
-var saveLimit = time.Duration(30 * time.Minute)
+const saveLimit = time.Duration(30) * time.Minute
+
+// 登录失败锁定时间
+const loginFailLockDuration = time.Duration(30) * time.Minute
 
 // 登录检测
 type loginDetect struct {
@@ -64,8 +67,8 @@ func LoginFunc(w http.ResponseWriter, r *http.Request) {
 	util.InitLogLang(accept)
 
 	if ld.failedTimes >= 5 {
-		lockMinute := loginUnlock()
-		returnError(w, util.LogStr("登录失败次数过多，请等待 %d 分钟后再试", lockMinute))
+		loginUnlock()
+		returnError(w, util.LogStr("登录失败次数过多，请稍后再试"))
 		return
 	}
 
@@ -147,14 +150,10 @@ func LoginFunc(w http.ResponseWriter, r *http.Request) {
 	returnError(w, util.LogStr("用户名或密码错误"))
 }
 
-// loginUnlock login unlock, return minute
-func loginUnlock() (minute uint32) {
+// loginUnlock login unlock, reset failed login attempts
+func loginUnlock() {
 	ld.failedTimes = ld.failedTimes + 1
-	x := ld.failedTimes
-	if x > 1440 {
-		x = 1440 // 最多等待一天
-	}
-	ld.ticker.Reset(time.Duration(x) * time.Minute)
+	ld.ticker.Reset(loginFailLockDuration)
 
 	go func(ticker *time.Ticker) {
 		for range ticker.C {
@@ -163,5 +162,4 @@ func loginUnlock() (minute uint32) {
 		}
 	}(ld.ticker)
 
-	return x
 }