完善了安全功能

routes/index.js

@@ -1,5 +1,6 @@
 import Router from 'koa-router';
 import { HandlerUser } from '../handler/users.js';
+import { rateLimit } from '../middleware/ratelimit.js';
 
 class ApiRouter {
   constructor() {
@@ -11,14 +12,15 @@ class ApiRouter {
   setupRoutes() {
     const userRouter = new Router({ prefix: '/user' });
 
-    userRouter.post('/register', this.handler.register.bind(this.handler));
-    userRouter.post('/signin', this.handler.signin.bind(this.handler));
+    // 限流：注册/登录接口 5次/分钟，微信登录 10次/分钟
+    userRouter.post('/register', rateLimit(5, 60_000), this.handler.register.bind(this.handler));
+    userRouter.post('/signin', rateLimit(10, 60_000), this.handler.signin.bind(this.handler));
+    userRouter.post('/wxsignin', rateLimit(10, 60_000), this.handler.wxSignin.bind(this.handler));
+
     userRouter.post('/signout', this.handler.signout.bind(this.handler));
     userRouter.post('/userInfo', this.handler.userInfo.bind(this.handler));
     userRouter.post('/update', this.handler.updateUser.bind(this.handler));
     userRouter.post('/list', this.handler.userList.bind(this.handler));
-
-    userRouter.post('/wxsignin', this.handler.wxSignin.bind(this.handler));
     userRouter.post('/wxgetphonenumber', this.handler.wxGetPhoneNumber.bind(this.handler));
 
     this.router.use(userRouter.routes());