import http from 'node:http';
import fs from 'node:fs';
import querystring from 'node:querystring';
import path from 'node:path';
import crypto from 'node:crypto';
import { fileURLToPath } from 'node:url';
// ES modules do not provide __filename/__dirname; derive them from
// import.meta.url so the HTML and ./public paths below resolve relative to
// this file rather than to the process working directory.
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
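// In-memory stores keyed by client-chosen values (the sessionId cookie, the
// uid query parameter). Null-prototype objects: with a plain `{}` a key such as
// "__proto__" or "constructor" would read (and, for "__proto__", write) an
// inherited property of Object.prototype instead of an own entry.
let captchaStore = Object.create(null); // sessionId -> { code: encrypt(answer), timestamp }
let verifyStore = Object.create(null); // uid -> { verified: true, timestamp }
// Size caps; when reached, the insertion point evicts the first key in
// property order (oldest insertion, not least-recently-used).
const MAX_CAPTCHA_STORE_SIZE = 10000;
const MAX_VERIFY_STORE_SIZE = 50000;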
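// Process-local key for the captcha answers held in memory. It is drawn afresh
// on every start, so stored answers never outlive the process — acceptable,
// because the captcha store itself is in-memory only.
const ENCRYPTION_KEY = crypto.randomBytes(32);
// AES-GCM nonce (96 bits) and authentication-tag (128 bits) sizes.
const ENCRYPTION_IV_LENGTH = 12;
const ENCRYPTION_TAG_LENGTH = 16;

/**
 * Encrypt a UTF-8 string with AES-256-GCM under the process key.
 *
 * A fresh random IV is drawn per call and prepended to the output. Reusing one
 * IV for every message (the previous aes-256-cbc setup with a fixed
 * ENCRYPTION_IV) made equal plaintexts produce equal ciphertexts, which for a
 * four-character captcha reveals which stored entries share an answer. GCM
 * also authenticates the ciphertext, so a corrupted entry fails in decrypt()
 * rather than decrypting to garbage.
 *
 * @param {string} text - plaintext
 * @returns {string} hex string laid out as iv || authTag || ciphertext
 */
function encrypt(text) {
  const iv = crypto.randomBytes(ENCRYPTION_IV_LENGTH);
  const cipher = crypto.createCipheriv('aes-256-gcm', ENCRYPTION_KEY, iv);
  const ciphertext = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ciphertext]).toString('hex');
}

/**
 * Reverse encrypt().
 *
 * @param {string} encryptedText - hex output of encrypt()
 * @returns {string} plaintext
 * @throws {Error} if the input is shorter than iv+tag, or the tag does not verify
 */
function decrypt(encryptedText) {
  const buf = Buffer.from(encryptedText, 'hex');
  const headerLength = ENCRYPTION_IV_LENGTH + ENCRYPTION_TAG_LENGTH;
  if (buf.length < headerLength) {
    throw new Error('decrypt: ciphertext too short');
  }
  const iv = buf.subarray(0, ENCRYPTION_IV_LENGTH);
  const tag = buf.subarray(ENCRYPTION_IV_LENGTH, headerLength);
  const ciphertext = buf.subarray(headerLength);
  const decipher = crypto.createDecipheriv('aes-256-gcm', ENCRYPTION_KEY, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}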
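// Rate-limit buckets keyed by the reported client IP or by a prefixed key
// ("session_…", "query_…"); each value is
// { requests: number[], lastReset: number, blockUntil: number, blockCount: number }.
// Null prototype: the IP key is taken from X-Forwarded-For, so a value such as
// "constructor" must become an own entry, not resolve to Object.prototype.
const rateLimitStore = Object.create(null);
const RATE_LIMIT_WINDOW = 60 * 1000; // sliding window, ms
const MAX_REQUESTS_PER_WINDOW = 100;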
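/**
 * Draw a four-character captcha answer.
 *
 * The alphabet is limited to characters dotMatrixFont can draw: 'I' and 'O'
 * are left out because the font has no glyph for them (the renderer would
 * silently substitute the 'X' glyph, yielding a captcha nobody can solve) and
 * they are easily confused with '1' and '0' anyway.
 *
 * Candidates matching an obvious pattern — an ascending digit or letter run,
 * or four identical characters — are rejected and redrawn. This trims the
 * answer space slightly; the run patterns are kept from the original code,
 * the identical-character rule now covers every character rather than A-F/0-9.
 *
 * The code is deliberately not logged: it is the secret the client must prove
 * it knows, and a log line would expose every answer to anyone with log access.
 *
 * @returns {string} four characters from [A-HJ-NP-Z0-9]
 */
function generateCaptchaCode() {
  const chars = "0123456789ABCDEFGHJKLMNPQRSTUVWXYZ";
  const invalidPatterns = [
    /0123|1234|2345|3456|4567|5678|6789|7890/, // ascending digit run
    /ABCD|BCDE|CDEF|DEFG|EFGH|FGHI|GHIJ/, // ascending letter run
    /(.)\1{3}/, // four identical characters
  ];
  let code;
  do {
    code = Array.from({ length: 4 }, () => chars[crypto.randomInt(0, chars.length)]).join("");
  } while (invalidPatterns.some((pattern) => pattern.test(code)));
  return code;
}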
// 5-row × 3-column dot-matrix glyphs used by generateCaptchaSVG; a 1 draws a dot.
// Only these characters have glyphs: the digits 0-9 and the letters A-H, J-N,
// P-Z. 'I' and 'O' are absent, so generateCaptchaSVG falls back to the 'X'
// glyph for them — the alphabet used by generateCaptchaCode must stay within
// this set, otherwise the rendered image does not show the stored answer.
const dotMatrixFont = {
  '0': [[1, 1, 1], [1, 0, 1], [1, 0, 1], [1, 0, 1], [1, 1, 1]],
  '1': [[0, 1, 0], [1, 1, 0], [0, 1, 0], [0, 1, 0], [1, 1, 1]],
  '2': [[1, 1, 1], [0, 0, 1], [1, 1, 1], [1, 0, 0], [1, 1, 1]],
  '3': [[1, 1, 1], [0, 0, 1], [1, 1, 1], [0, 0, 1], [1, 1, 1]],
  '4': [[1, 0, 1], [1, 0, 1], [1, 1, 1], [0, 0, 1], [0, 0, 1]],
  '5': [[1, 1, 1], [1, 0, 0], [1, 1, 1], [0, 0, 1], [1, 1, 1]],
  '6': [[1, 1, 1], [1, 0, 0], [1, 1, 1], [1, 0, 1], [1, 1, 1]],
  '7': [[1, 1, 1], [0, 0, 1], [0, 0, 1], [0, 0, 1], [0, 0, 1]],
  '8': [[1, 1, 1], [1, 0, 1], [1, 1, 1], [1, 0, 1], [1, 1, 1]],
  '9': [[1, 1, 1], [1, 0, 1], [1, 1, 1], [0, 0, 1], [1, 1, 1]],
  'A': [[1, 1, 1], [1, 0, 1], [1, 1, 1], [1, 0, 1], [1, 0, 1]],
  'B': [[1, 1, 0], [1, 0, 1], [1, 1, 0], [1, 0, 1], [1, 1, 0]],
  'C': [[1, 1, 1], [1, 0, 0], [1, 0, 0], [1, 0, 0], [1, 1, 1]],
  'D': [[1, 1, 0], [1, 0, 1], [1, 0, 1], [1, 0, 1], [1, 1, 0]],
  'E': [[1, 1, 1], [1, 0, 0], [1, 1, 1], [1, 0, 0], [1, 1, 1]],
  'F': [[1, 1, 1], [1, 0, 0], [1, 1, 1], [1, 0, 0], [1, 0, 0]],
  'G': [[1, 1, 1], [1, 0, 0], [1, 0, 1], [1, 0, 1], [1, 1, 1]],
  'H': [[1, 0, 1], [1, 0, 1], [1, 1, 1], [1, 0, 1], [1, 0, 1]],
  'J': [[1, 1, 1], [0, 0, 1], [0, 0, 1], [0, 0, 1], [1, 1, 1]],
  'K': [[1, 0, 1], [1, 0, 1], [1, 1, 0], [1, 0, 1], [1, 0, 1]],
  'L': [[1, 0, 0], [1, 0, 0], [1, 0, 0], [1, 0, 0], [1, 1, 1]],
  'M': [[1, 0, 1], [1, 1, 1], [1, 0, 1], [1, 0, 1], [1, 0, 1]],
  'N': [[1, 0, 1], [1, 1, 1], [1, 1, 1], [1, 1, 1], [1, 0, 1]],
  'P': [[1, 1, 1], [1, 0, 1], [1, 1, 1], [1, 0, 0], [1, 0, 0]],
  'Q': [[1, 1, 1], [1, 0, 1], [1, 0, 1], [1, 1, 1], [0, 0, 1]],
  'R': [[1, 1, 1], [1, 0, 1], [1, 1, 1], [1, 0, 1], [1, 0, 1]],
  'S': [[1, 1, 1], [1, 0, 0], [1, 1, 1], [0, 0, 1], [1, 1, 1]],
  'T': [[1, 1, 1], [0, 1, 0], [0, 1, 0], [0, 1, 0], [0, 1, 0]],
  'U': [[1, 0, 1], [1, 0, 1], [1, 0, 1], [1, 0, 1], [1, 1, 1]],
  'V': [[1, 0, 1], [1, 0, 1], [1, 0, 1], [0, 1, 0], [0, 1, 0]],
  'W': [[1, 0, 1], [1, 0, 1], [1, 0, 1], [1, 1, 1], [1, 0, 1]],
  'X': [[1, 0, 1], [1, 0, 1], [0, 1, 0], [1, 0, 1], [1, 0, 1]],
  'Y': [[1, 0, 1], [1, 0, 1], [0, 1, 0], [0, 1, 0], [0, 1, 0]],
  'Z': [[1, 1, 1], [0, 0, 1], [0, 1, 0], [1, 0, 0], [1, 1, 1]]
};
/**
 * Render a four-character code as a 160×70 SVG built from the 5×3 dot-matrix
 * glyphs in dotMatrixFont.
 *
 * Drawing order: light background, two or three faint quadratic curves, fifty
 * faint dots, then one glyph per quarter of the usable width with a small
 * random offset (±3 px horizontally, ±2 px vertically) and rotation (±2.5°).
 * A character without a glyph is drawn with the 'X' glyph.
 *
 * @param {string} captchaCode - code to draw; padded with 'X' / cut to 4 characters
 * @returns {string} SVG markup
 */
function generateCaptchaSVG(captchaCode) {
  const width = 160;
  const height = 70;
  const dotSize = 4;
  const padding = 20;
  const finalCode = (captchaCode || 'XXXX').padEnd(4, 'X').substring(0, 4);
  const out = [
    `<svg width="${width}" height="${height}" xmlns="http://www.w3.org/2000/svg" shape-rendering="crispEdges">`,
    `<rect width="${width}" height="${height}" fill="#f8f8f8"/>`,
  ];

  // Control point for a curve: a random point inside the bounding box of its
  // two end points. crypto.randomInt needs max > min, so a degenerate box is
  // widened by one pixel.
  const pickControlPoint = (x1, y1, x2, y2) => {
    const xLo = Math.min(x1, x2);
    const xHi = Math.max(x1, x2) === xLo ? xLo + 1 : Math.max(x1, x2);
    const yLo = Math.min(y1, y2);
    const yHi = Math.max(y1, y2) === yLo ? yLo + 1 : Math.max(y1, y2);
    return [crypto.randomInt(xLo, xHi), crypto.randomInt(yLo, yHi)];
  };

  // Interference curves: thin, light grey, semi-transparent.
  const curveCount = crypto.randomInt(2, 4);
  for (let i = 0; i < curveCount; i++) {
    const x1 = crypto.randomInt(0, width);
    const y1 = crypto.randomInt(0, height);
    const x2 = crypto.randomInt(0, width);
    const y2 = crypto.randomInt(0, height);
    const gray = crypto.randomInt(200, 230);
    const [cx, cy] = pickControlPoint(x1, y1, x2, y2);
    out.push([
      '<path',
      `d="M ${x1} ${y1} Q ${cx} ${cy} ${x2} ${y2}"`,
      `stroke="rgb(${gray},${gray},${gray})"`,
      'stroke-width="1"',
      'fill="none"',
      'stroke-opacity="0.7"/>',
    ].join('\n'));
  }

  // Interference dots: fifty faint circles of radius 0 or 1.
  for (let i = 0; i < 50; i++) {
    const x = crypto.randomInt(0, width);
    const y = crypto.randomInt(0, height);
    const r = crypto.randomInt(0, 2);
    const gray = crypto.randomInt(200, 240);
    out.push(`<circle cx="${x}" cy="${y}" r="${r}" fill="rgb(${gray},${gray},${gray})" opacity="0.8"/>`);
  }

  // Glyphs: equal horizontal slots inside the padding, vertically centred.
  const slotWidth = (width - padding * 2) / 4;
  const glyphTop = (height - 5 * dotSize) / 2;
  for (let i = 0; i < 4; i++) {
    const matrix = dotMatrixFont[finalCode[i]] || dotMatrixFont['X'];
    const baseX = padding + i * slotWidth + crypto.randomInt(-3, 4);
    const baseY = glyphTop + crypto.randomInt(-2, 3);
    const rotate = ((crypto.randomInt(0, 10000) / 10000) - 0.5) * 5;
    const gray = crypto.randomInt(20, 60);
    out.push(`<g transform="translate(${baseX}, ${baseY}) rotate(${rotate}) scale(1)">`);
    matrix.forEach((rowBits, row) => {
      rowBits.forEach((bit, col) => {
        if (bit !== 1) return;
        out.push([
          '<rect',
          `x="${col * dotSize}"`,
          `y="${row * dotSize}"`,
          `width="${dotSize - 1}"`,
          `height="${dotSize - 1}"`,
          `fill="rgb(${gray},${gray},${gray})"/>`,
        ].join('\n'));
      });
    });
    out.push('</g>');
  }

  out.push('</svg>');
  return out.join('');
}
/**
 * Create a fresh session id: SHA-256 (hex, 64 characters) over a base-36
 * timestamp followed by 32 random bytes. The hash only fixes the shape of the
 * id; all of its unpredictability comes from crypto.randomBytes.
 *
 * @returns {string} 64 lowercase hex characters
 */
function generateSessionId() {
  const seed = `${Date.now().toString(36)}${crypto.randomBytes(32).toString("hex")}`;
  return crypto.createHash('sha256').update(seed).digest('hex');
}
/**
 * Create a verification UID: SHA-256 (hex, 64 characters) over a base-36
 * timestamp and 32 random bytes — the same construction as generateSessionId,
 * kept as a separate function because the two ids live in different stores.
 *
 * @returns {string} 64 lowercase hex characters (matches /inquire's uid check)
 */
function generateUID() {
  const hash = crypto.createHash('sha256');
  hash.update(Date.now().toString(36));
  hash.update(crypto.randomBytes(32).toString("hex"));
  return hash.digest('hex');
}
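/**
 * Sliding-window rate limit for an arbitrary key (a client IP or a prefixed key).
 *
 * Allows MAX_REQUESTS_PER_WINDOW hits per RATE_LIMIT_WINDOW; once exceeded the
 * key is blocked for 60 s, growing by 60 s per repeat offence up to 5 minutes.
 * Buckets live in rateLimitStore and are removed by the periodic sweeper.
 *
 * @param {string} key - bucket key; may be attacker-controlled (X-Forwarded-For)
 * @returns {boolean} true if the request may proceed, false if it is over the limit
 */
function checkRateLimit(key) {
  const now = Date.now();
  // Own-property lookup: on a plain-object store a key such as "constructor" or
  // "__proto__" resolves to an inherited value, which the previous truthiness
  // test mistook for an existing bucket and then threw on `.requests.filter`.
  let bucket = Object.prototype.hasOwnProperty.call(rateLimitStore, key) ? rateLimitStore[key] : null;
  if (bucket === null) {
    bucket = { requests: [], lastReset: now, blockUntil: 0, blockCount: 0 };
    rateLimitStore[key] = bucket;
  }
  // lastReset doubles as "last seen" for the sweeper, so an active or blocked
  // key is not dropped (and its blockCount forgotten) two minutes after creation.
  bucket.lastReset = now;
  if (bucket.blockUntil > now) return false;
  bucket.requests = bucket.requests.filter((t) => now - t < RATE_LIMIT_WINDOW);
  if (bucket.requests.length >= MAX_REQUESTS_PER_WINDOW) {
    const blockDuration = Math.min(300000, bucket.blockCount * 60000 + 60000);
    bucket.blockUntil = now + blockDuration;
    bucket.blockCount++;
    return false;
  }
  bucket.requests.push(now);
  return true;
}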
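/**
 * Per-session limit on /verify attempts: at most 5 in any 30-second window,
 * after which the session is blocked for 30 s, growing by 30 s per repeat up to
 * 5 minutes. Buckets share rateLimitStore with checkRateLimit under a
 * "session_" prefix, so a cookie value can neither collide with an IP key nor
 * name an inherited object property.
 *
 * @param {string} sessionId - value of the sessionId cookie
 * @returns {boolean} true if the attempt may proceed
 */
function checkSessionRateLimit(sessionId) {
  const SESSION_WINDOW_MS = 30000;
  const SESSION_MAX_ATTEMPTS = 5;
  const SESSION_BLOCK_STEP_MS = 30000;
  const SESSION_BLOCK_CAP_MS = 300000;
  const now = Date.now();
  const key = `session_${sessionId}`;
  let bucket = rateLimitStore[key];
  if (!bucket) {
    bucket = { requests: [], lastReset: now, blockUntil: 0, blockCount: 0 };
    rateLimitStore[key] = bucket;
  }
  // Refresh "last seen" so the periodic sweeper does not drop a bucket whose
  // block (up to 5 min) is still running — which would also reset blockCount.
  bucket.lastReset = now;
  if (bucket.blockUntil > now) return false;
  bucket.requests = bucket.requests.filter((t) => now - t < SESSION_WINDOW_MS);
  if (bucket.requests.length >= SESSION_MAX_ATTEMPTS) {
    const blockDuration = Math.min(SESSION_BLOCK_CAP_MS, bucket.blockCount * SESSION_BLOCK_STEP_MS + SESSION_BLOCK_STEP_MS);
    bucket.blockUntil = now + blockDuration;
    bucket.blockCount++;
    return false;
  }
  bucket.requests.push(now);
  return true;
}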
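/**
 * Serve a file from ./public.
 *
 * Path handling: the query string and fragment are cut off, `.`/`..` segments
 * are collapsed by path.normalize, then any leading dots or slash are removed
 * so the remainder is a relative path that path.join keeps below publicDir.
 * As a second line of defence the joined path must start with
 * `publicDir + path.sep` — the bare prefix would also accept a sibling
 * directory whose name merely starts with "public". Only a fixed list of
 * extensions is served, and only regular files. req.url is used as received
 * (no percent-decoding), so an encoded name is looked up literally.
 *
 * Responses: 403 (path or extension rejected), 404 (missing / not a regular
 * file), 500 (read error, only if nothing was sent yet), otherwise 200 with a
 * content type from the extension and a one-hour public cache header.
 *
 * @param {http.IncomingMessage} req - only req.url is read
 * @param {http.ServerResponse} res
 */
function serveStaticFile(req, res) {
  const publicDir = path.resolve(__dirname, "public");
  const cleanPath = req.url.split('?')[0].split('#')[0];
  const safePath = path.normalize(cleanPath).replace(/^\.+/, "").replace(/^\//, "");
  const staticPath = path.join(publicDir, safePath);

  const reject = (status, message, logLine) => {
    res.writeHead(status, { "Content-Type": "application/json" });
    console.log(`[DEBUG] ${logLine} - ${staticPath}`);
    return res.end(JSON.stringify({ success: false, message }));
  };

  if (!staticPath.startsWith(publicDir + path.sep)) {
    return reject(403, "访问被拒绝", "静态文件路径被拒绝");
  }
  const allowedExts = [".css", ".js", ".html", ".png", ".jpg", ".svg", ".ico", ".woff", ".woff2", ".ttf", ".eot"];
  const ext = path.extname(staticPath).toLowerCase();
  if (!allowedExts.includes(ext)) {
    return reject(403, "访问被拒绝", "静态文件扩展名被拒绝");
  }
  // One stat() replaces the earlier access()+stat() pair: stat already fails
  // for a missing file, and a single lookup leaves a smaller check/use window.
  fs.stat(staticPath, (err, stats) => {
    if (err || !stats.isFile()) {
      return reject(404, "文件不存在", "静态文件不存在");
    }
    const contentTypes = {
      ".css": "text/css",
      ".js": "application/javascript",
      ".html": "text/html; charset=utf-8",
      ".png": "image/png",
      ".jpg": "image/jpeg",
      ".svg": "image/svg+xml",
      ".ico": "image/x-icon",
      ".woff": "font/woff",
      ".woff2": "font/woff2",
      ".ttf": "font/ttf",
      ".eot": "application/vnd.ms-fontobject"
    };
    res.setHeader("Content-Type", contentTypes[ext] || "application/octet-stream");
    res.setHeader("Cache-Control", "public, max-age=3600");
    const stream = fs.createReadStream(staticPath);
    // Attach the error handler before piping so an early open error is caught.
    stream.on("error", (streamErr) => {
      console.error(`[${new Date().toISOString()}] 静态文件读取失败 - ${staticPath}:`, streamErr.message);
      if (!res.headersSent) {
        res.writeHead(500, { "Content-Type": "application/json" });
        res.end(JSON.stringify({ success: false, message: "服务器错误" }));
      }
    });
    stream.pipe(res);
  });
}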
// Request handler. Processing order: client IP, CORS headers, preflight,
// static assets, per-IP rate limit, body-size guard, then the routes. Every
// branch writes its own response; the routes all end with `return`.
const server = http.createServer((req, res) => {
  // NOTE(review): X-Forwarded-For is taken on trust. Unless a reverse proxy in
  // front of this server overwrites the header, the client chooses its own
  // rate-limit key here (and can rotate it); the raw header may also be a
  // comma-separated list, which is used verbatim. A value such as
  // "constructor" resolves to an inherited property of the plain-object
  // rateLimitStore, which checkRateLimit's truthiness test does not expect.
  let clientIp = req.headers["x-forwarded-for"] || req.connection.remoteAddress;
  if (clientIp && clientIp.startsWith("::ffff:")) {
    clientIp = clientIp.substring(7); // IPv4-mapped IPv6 address -> plain IPv4 text
  }
  // CORS: reflect the Origin header only for the three local development origins.
  const allowedOrigins = ["http://localhost:3000", "http://127.0.0.1:3000", "http://[::1]:3000"];
  const origin = req.headers.origin;
  if (allowedOrigins.includes(origin)) {
    res.setHeader("Access-Control-Allow-Origin", origin);
  }
  res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
  res.setHeader("Access-Control-Allow-Headers", "Content-Type");
  res.setHeader("Access-Control-Max-Age", "86400");
  if (req.method === "OPTIONS") {
    res.writeHead(200);
    return res.end();
  }
  // Static assets are recognised from the raw URL (query string included) and
  // are exempt from the rate limiter; serveStaticFile re-validates the path and
  // extension itself.
  const isStaticFile = /\.(css|js|png|jpg|svg|ico|woff|woff2|ttf|eot)$/i.test(req.url);
  if (!isStaticFile && !checkRateLimit(clientIp)) {
    res.writeHead(429, { "Content-Type": "application/json" });
    console.log(`[DEBUG] 请求过于频繁,IP: ${clientIp}`);
    return res.end(JSON.stringify({ success: false, message: "请求过于频繁,请稍后再试" })
    );
  }
  if (isStaticFile) {
    return serveStaticFile(req, res);
  }
  // Body-size guard (10 KiB) for every non-static request, GET included.
  // NOTE(review): after the 413 has gone out the matching route below still
  // runs; the GET routes call res.setHeader from inside fs.readFile callbacks,
  // which throws ERR_HTTP_HEADERS_SENT once a response was already written —
  // presumably an uncaught exception there. Checking res.headersSent in those
  // callbacks, or reading the body only on POST routes, would close that gap.
  const MAX_BODY_SIZE = 1024 * 10;
  let bodySize = 0;
  req.on("data", (chunk) => {
    bodySize += chunk.length;
    if (bodySize > MAX_BODY_SIZE) {
      res.writeHead(413);
      console.log(`[DEBUG] 请求体过大,IP: ${clientIp}`);
      res.end(JSON.stringify({ success: false, message: "请求体过大" }));
      req.destroy();
    }
  });
  // GET / — serve index.html and issue a fresh sessionId cookie (HttpOnly,
  // SameSite=Strict, Secure only under NODE_ENV=production). The cookie is a
  // random id, not a signed token; it only keys the in-memory captcha store.
  if (req.url === "/" && req.method === "GET") {
    const htmlPath = path.join(__dirname, "index.html");
    fs.readFile(htmlPath, "utf8", (err, data) => {
      if (err) {
        console.error(`[${new Date().toISOString()}] 读取首页失败:`, err.message);
        res.writeHead(500);
        return res.end(JSON.stringify({ success: false, message: "服务器错误" }));
      }
      const sessionId = generateSessionId();
      const cookieOptions = process.env.NODE_ENV === 'production' ? 'Secure; ' : '';
      res.setHeader("Set-Cookie", `sessionId=${sessionId}; Path=/; HttpOnly; ${cookieOptions}SameSite=Strict`);
      res.setHeader("Content-Type", "text/html; charset=utf-8");
      res.end(data);
    });
    return;
  }
  // GET /challenge — serve challenge.html as-is.
  else if (req.url === "/challenge" && req.method === "GET") {
    const htmlPath = path.join(__dirname, "challenge.html");
    fs.readFile(htmlPath, "utf8", (err, data) => {
      if (err) {
        console.error(`[${new Date().toISOString()}] 读取挑战页失败:`, err.message);
        res.writeHead(500);
        return res.end(JSON.stringify({ success: false, message: "服务器错误" }));
      }
      res.setHeader("Content-Type", "text/html; charset=utf-8");
      res.end(data);
    });
    return;
  }
  // GET /page — serve page.html as-is.
  else if (req.url === "/page" && req.method === "GET") {
    const htmlPath = path.join(__dirname, "page.html");
    fs.readFile(htmlPath, "utf8", (err, data) => {
      if (err) {
        console.error(`[${new Date().toISOString()}] 读取页面失败:`, err.message);
        res.writeHead(500);
        return res.end(JSON.stringify({ success: false, message: "服务器错误" }));
      }
      res.setHeader("Content-Type", "text/html; charset=utf-8");
      res.end(data);
    });
    return;
  }
  // GET /get-captcha — draw a code, store its encrypted form under the session
  // cookie and return the SVG. The cookie value is used as the store key
  // without any format check (contrast /inquire, which validates its uid).
  // When the store is full the first key in property order is evicted.
  // NOTE(review): 1000 * 60 * 1000 ms is ~16.7 hours, not the minute it reads
  // as; the periodic sweeper already drops entries after 5 minutes, so each
  // request mainly leaves behind a long-lived timer holding a closure.
  else if (req.url === "/get-captcha" && req.method === "GET") {
    const cookies = querystring.parse(req.headers.cookie || "", "; ");
    const sessionId = cookies.sessionId;
    if (!sessionId) {
      res.writeHead(400, { "Content-Type": "application/json" });
      console.log(`[DEBUG] 未获取到会话ID`);
      return res.end(JSON.stringify({ success: false, message: "未获取到会话ID" }));
    }
    const captchaCode = generateCaptchaCode();
    const captchaSVG = generateCaptchaSVG(captchaCode);
    if (Object.keys(captchaStore).length >= MAX_CAPTCHA_STORE_SIZE) {
      delete captchaStore[Object.keys(captchaStore)[0]];
    }
    captchaStore[sessionId] = {
      code: encrypt(captchaCode),
      timestamp: Date.now()
    };
    setTimeout(() => delete captchaStore[sessionId], 1000 * 60 * 1000);
    res.setHeader("Content-Type", "image/svg+xml");
    res.end(captchaSVG);
    return;
  }
  // POST /verify — compare the submitted code (form field `userCode`, optional
  // JSON `detection` blob) with the stored answer for the session cookie.
  // NOTE(review): `detection` is produced by the client, so hasUserScript,
  // token and timestamp only say what the client chose to report — a hint,
  // not a control. The answer comparison uses `===`; with a 4-character code
  // and the 5-per-30s session limit the timing leak is small, but
  // crypto.timingSafeEqual on equal-length buffers is the usual form. A wrong
  // guess leaves the captcha in place for further attempts within that limit;
  // only a correct guess consumes it.
  else if (req.url === "/verify" && req.method === "POST") {
    let postData = "";
    req.on("data", (chunk) => postData += chunk);
    req.on("end", () => {
      try {
        const formData = querystring.parse(postData);
        const userCode = formData.userCode?.toUpperCase();
        const detectionData = formData.detection ? JSON.parse(formData.detection) : null;
        const cookies = querystring.parse(req.headers.cookie || "", "; ");
        const sessionId = cookies.sessionId;
        if (!userCode || !sessionId) {
          res.writeHead(400, { "Content-Type": "application/json" });
          console.log(`[DEBUG] 参数缺失或会话失效`);
          return res.end(JSON.stringify({ success: false, message: "参数缺失或会话失效" }));
        }
        if (detectionData) {
          if (detectionData.hasUserScript) {
            res.writeHead(400, { "Content-Type": "application/json" });
            console.log(`[DEBUG] 检测到用户脚本插件,验证失败`);
            return res.end(JSON.stringify({ success: false, message: "检测到用户脚本插件,验证失败" }));
          }
          if (!detectionData.token || detectionData.token.length < 20) {
            res.writeHead(400, { "Content-Type": "application/json" });
            console.log(`[DEBUG] 检测信息无效,验证失败`);
            return res.end(JSON.stringify({ success: false, message: "检测信息无效,验证失败" }));
          }
          const now = Date.now();
          // Client-reported timestamp must be within 5 minutes of server time.
          if (Math.abs(now - detectionData.timestamp) > 300000) {
            res.writeHead(400, { "Content-Type": "application/json" });
            console.log(`[DEBUG] 检测信息已过期,验证失败`);
            return res.end(JSON.stringify({ success: false, message: "检测信息已过期,验证失败" }));
          }
        }
        if (!checkSessionRateLimit(sessionId)) {
          res.writeHead(429, { "Content-Type": "application/json" });
          console.log(`[DEBUG] 验证尝试过于频繁,请稍后再试`);
          return res.end(JSON.stringify({ success: false, message: "验证尝试过于频繁,请稍后再试" }));
        }
        if (!/^[A-Z0-9]{4}$/.test(userCode)) {
          res.writeHead(400, { "Content-Type": "application/json" });
          console.log(`[DEBUG] 验证码格式错误`);
          return res.end(JSON.stringify({ success: false, message: "验证码格式错误" }));
        }
        const storedData = captchaStore[sessionId];
        if (!storedData || !storedData.code) {
          res.writeHead(400, { "Content-Type": "application/json" });
          return res.end(JSON.stringify({ success: false, message: "验证码已过期,请刷新" }));
        }
        const correctCode = decrypt(storedData.code);
        if (userCode === correctCode) {
          // Success: mint a UID valid for 24 h and consume the captcha.
          const uid = generateUID();
          if (Object.keys(verifyStore).length >= MAX_VERIFY_STORE_SIZE) {
            delete verifyStore[Object.keys(verifyStore)[0]];
          }
          verifyStore[uid] = { verified: true, timestamp: Date.now() };
          setTimeout(() => delete verifyStore[uid], 24 * 60 * 60 * 1000);
          delete captchaStore[sessionId];
          res.writeHead(200, { "Content-Type": "application/json" });
          console.log(`[DEBUG] 验证成功,UID: ${uid}`);
          res.end(JSON.stringify({ success: true, message: "验证成功", uid: uid }));
        } else {
          res.writeHead(400, { "Content-Type": "application/json" });
          console.log(`[DEBUG] 验证码错误`);
          res.end(JSON.stringify({ success: false, message: "验证码错误" }));
        }
      } catch (error) {
        // Covers malformed `detection` JSON and decrypt() failures alike.
        console.error(`[${new Date().toISOString()}] 验证过程出错:`, error.message);
        res.writeHead(500, { "Content-Type": "application/json" });
        res.end(JSON.stringify({ success: false, message: "服务器错误" }));
      }
    });
    return;
  }
  // GET /inquire?uid=… — report whether a UID was verified within the last
  // 24 h. The body is a bare JSON boolean in every case, so a caller can only
  // tell "not verified" from "bad uid" or "rate limited" by the status code.
  else if (req.url.startsWith("/inquire") && req.method === "GET") {
    try {
      const uid = new URL(req.url, `http://${req.headers.host}`).searchParams.get("uid");
      if (!uid || !/^[a-f0-9]{64}$/.test(uid)) {
        res.writeHead(400, { "Content-Type": "application/json" });
        return res.end(JSON.stringify(false));
      }
      // Separate per-IP bucket for status queries, independent of the global one.
      const queryRateLimitKey = `query_${clientIp}`;
      if (!checkRateLimit(queryRateLimitKey)) {
        res.writeHead(429, { "Content-Type": "application/json" });
        return res.end(JSON.stringify(false));
      }
      const verifyData = verifyStore[uid];
      const isVerified = verifyData && verifyData.verified === true && (Date.now() - verifyData.timestamp < 24 * 60 * 60 * 1000);
      res.writeHead(200, { "Content-Type": "application/json" });
      res.end(JSON.stringify(isVerified));
    } catch (error) {
      console.error(`[${new Date().toISOString()}] 查询验证状态出错:`, error.message);
      res.writeHead(500, { "Content-Type": "application/json" });
      res.end(JSON.stringify(false));
    }
    return;
  }
  // Anything else: 404.
  else {
    res.writeHead(404, { "Content-Type": "application/json" });
    res.end(JSON.stringify({ success: false, message: "未找到" }));
  }
});
const PORT = 3000;
// No host is given, so Node binds the unspecified address (all interfaces);
// the URLs printed are the local ones the CORS allow-list expects.
server.listen(PORT, () => {
  console.log(`[${new Date().toISOString()}] 服务器已启动,监听端口 ${PORT}`);
  for (const host of ["127.0.0.1", "[::1]", "localhost"]) {
    console.log(` - http://${host}:${PORT}`);
  }
});
// 定期清理
setInterval(() => {
const now = Date.now();
Object.keys(rateLimitStore).forEach(key => {
if (now - rateLimitStore[key].lastReset > RATE_LIMIT_WINDOW * 2) {
delete rateLimitStore[key];
}
});
Object.keys(captchaStore).forEach(sessionId => {
if (captchaStore[sessionId] && (now - captchaStore[sessionId].timestamp > 5 * 60 * 1000)) {
delete captchaStore[sessionId];
}
});
Object.keys(verifyStore).forEach(uid => {
if (verifyStore[uid] && (now - verifyStore[uid].timestamp > 24 * 60 * 60 * 1000)) {
delete verifyStore[uid];
}
});
}, 5 * 60 * 1000);