EdgeAdmin/internal/web/actions/default/index/loginutils/utils.go

// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .

package loginutils

import (
	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
	"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
	"github.com/iwind/TeaGo/actions"
	stringutil "github.com/iwind/TeaGo/utils/string"
	"net"
	"net/http"
	"regexp"
	"strings"
)

// CalculateClientFingerprint 计算客户端指纹
func CalculateClientFingerprint(action *actions.ActionObject) string {
	return stringutil.Md5(RemoteIP(action) + "@" + action.Request.UserAgent())
}

// RemoteIP 获取客户端IP
func RemoteIP(action *actions.ActionObject) string {
	securityConfig, _ := configloaders.LoadSecurityConfig()

	if securityConfig != nil {
		if len(securityConfig.ClientIPHeaderNames) > 0 {
			var headerNames = regexp.MustCompile(`[,;\s，、；]`).Split(securityConfig.ClientIPHeaderNames, -1)
			for _, headerName := range headerNames {
				headerName = http.CanonicalHeaderKey(strings.TrimSpace(headerName))
				if len(headerName) == 0 {
					continue
				}

				var ipValue = action.Request.Header.Get(headerName)
				if net.ParseIP(ipValue) != nil {
					return ipValue
				}
			}

			if securityConfig.ClientIPHeaderOnly {
				return ""
			}
		}
	}

	ip, _, _ := net.SplitHostPort(action.Request.RemoteAddr)
	return ip
}

// LookupIPRegion 查找登录区域
func LookupIPRegion(ip string) string {
	if len(ip) == 0 {
		return ""
	}

	var result = iplibrary.LookupIP(ip)
	if result != nil && result.IsOk() {
		// 这里不需要网络运营商信息
		return result.CountryName() + "@" + result.ProvinceName() + "@" + result.CityName() + "@" + result.TownName()
	}

	return ""
}

// SetCookie 设置Cookie
func SetCookie(action *actions.ActionObject, remember bool) {
	if remember {
		var cookie = &http.Cookie{
			Name:     teaconst.CookieSID,
			Value:    action.Session().Sid,
			Path:     "/",
			MaxAge:   14 * 86400,
			HttpOnly: true,
		}
		if action.Request.TLS != nil {
			cookie.SameSite = http.SameSiteStrictMode
			cookie.Secure = true
		}
		action.AddCookie(cookie)
	} else {
		var cookie = &http.Cookie{
			Name:     teaconst.CookieSID,
			Value:    action.Session().Sid,
			Path:     "/",
			MaxAge:   0,
			HttpOnly: true,
		}
		if action.Request.TLS != nil {
			cookie.SameSite = http.SameSiteStrictMode
			cookie.Secure = true
		}
		action.AddCookie(cookie)
	}
}

// UnsetCookie 重置Cookie
func UnsetCookie(action *actions.ActionObject) {
	cookie := &http.Cookie{
		Name:     teaconst.CookieSID,
		Value:    action.Session().Sid,
		Path:     "/",
		MaxAge:   -1,
		HttpOnly: true,
	}
	if action.Request.TLS != nil {
		cookie.SameSite = http.SameSiteStrictMode
		cookie.Secure = true
	}
	action.AddCookie(cookie)
}
-												提升Cookie安全性

											
										
										
											2023-04-09 17:10:53 +08:00
+								// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
 								package loginutils
 								import (
-												管理系统安全设置增加“自定义客户端IP报头”

											
										
										
											2023-12-10 10:46:35 +08:00
+									"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
-												提升Cookie安全性

											
										
										
											2023-04-09 17:10:53 +08:00
+									teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
-												安全设置增加“检查客户端指纹"和"检查客户端区域"选项

											
										
										
											2023-04-19 18:25:10 +08:00
+									"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
-												提升Cookie安全性

											
										
										
											2023-04-09 17:10:53 +08:00
+									"github.com/iwind/TeaGo/actions"
 									stringutil "github.com/iwind/TeaGo/utils/string"
-												安全设置增加“检查客户端指纹"和"检查客户端区域"选项

											
										
										
											2023-04-19 18:25:10 +08:00
+									"net"
-												提升Cookie安全性

											
										
										
											2023-04-09 17:10:53 +08:00
+									"net/http"
-												管理系统安全设置增加“自定义客户端IP报头”

											
										
										
											2023-12-10 10:46:35 +08:00
+									"regexp"
 									"strings"
-												提升Cookie安全性

											
										
										
											2023-04-09 17:10:53 +08:00
+								)
 								// CalculateClientFingerprint 计算客户端指纹
 								func CalculateClientFingerprint(action *actions.ActionObject) string {
-												安全设置增加“检查客户端指纹"和"检查客户端区域"选项

											
										
										
											2023-04-19 18:25:10 +08:00
+									return stringutil.Md5(RemoteIP(action) + "@" + action.Request.UserAgent())
-												提升Cookie安全性

											
										
										
											2023-04-09 17:10:53 +08:00
+								}
-												安全设置增加“检查客户端指纹"和"检查客户端区域"选项

											
										
										
											2023-04-19 18:25:10 +08:00
+								// RemoteIP 获取客户端IP
 								func RemoteIP(action *actions.ActionObject) string {
-												管理系统安全设置增加“自定义客户端IP报头”

											
										
										
											2023-12-10 10:46:35 +08:00
+									securityConfig, _ := configloaders.LoadSecurityConfig()
 									if securityConfig != nil {
 										if len(securityConfig.ClientIPHeaderNames) > 0 {
 											var headerNames = regexp.MustCompile(`[,;\s，、；]`).Split(securityConfig.ClientIPHeaderNames, -1)
 											for _, headerName := range headerNames {
 												headerName = http.CanonicalHeaderKey(strings.TrimSpace(headerName))
 												if len(headerName) == 0 {
 													continue
 												}
 												var ipValue = action.Request.Header.Get(headerName)
 												if net.ParseIP(ipValue) != nil {
 													return ipValue
 												}
 											}
-												系统安全设置中增加“仅从自定义报头中获取IP”选项

											
										
										
											2024-04-08 11:21:56 +08:00
 											if securityConfig.ClientIPHeaderOnly {
 												return ""
 											}
-												管理系统安全设置增加“自定义客户端IP报头”

											
										
										
											2023-12-10 10:46:35 +08:00
+										}
 									}
-												安全设置增加“检查客户端指纹"和"检查客户端区域"选项

											
										
										
											2023-04-19 18:25:10 +08:00
+									ip, _, _ := net.SplitHostPort(action.Request.RemoteAddr)
 									return ip
 								}
 								// LookupIPRegion 查找登录区域
 								func LookupIPRegion(ip string) string {
 									if len(ip) == 0 {
 										return ""
 									}
 									var result = iplibrary.LookupIP(ip)
 									if result != nil && result.IsOk() {
 										// 这里不需要网络运营商信息
 										return result.CountryName() + "@" + result.ProvinceName() + "@" + result.CityName() + "@" + result.TownName()
 									}
 									return ""
 								}
 								// SetCookie 设置Cookie
-												提升Cookie安全性

											
										
										
											2023-04-09 17:10:53 +08:00
+								func SetCookie(action *actions.ActionObject, remember bool) {
 									if remember {
 										var cookie = &http.Cookie{
 											Name:     teaconst.CookieSID,
 											Value:    action.Session().Sid,
 											Path:     "/",
 											MaxAge:   14 * 86400,
 											HttpOnly: true,
 										}
 										if action.Request.TLS != nil {
 											cookie.SameSite = http.SameSiteStrictMode
 											cookie.Secure = true
 										}
 										action.AddCookie(cookie)
 									} else {
 										var cookie = &http.Cookie{
 											Name:     teaconst.CookieSID,
 											Value:    action.Session().Sid,
 											Path:     "/",
 											MaxAge:   0,
 											HttpOnly: true,
 										}
 										if action.Request.TLS != nil {
 											cookie.SameSite = http.SameSiteStrictMode
 											cookie.Secure = true
 										}
 										action.AddCookie(cookie)
 									}
 								}
-												安全设置增加“检查客户端指纹"和"检查客户端区域"选项

											
										
										
											2023-04-19 18:25:10 +08:00
+								// UnsetCookie 重置Cookie
-												提升Cookie安全性

											
										
										
											2023-04-09 17:10:53 +08:00
+								func UnsetCookie(action *actions.ActionObject) {
 									cookie := &http.Cookie{
 										Name:     teaconst.CookieSID,
 										Value:    action.Session().Sid,
 										Path:     "/",
 										MaxAge:   -1,
 										HttpOnly: true,
 									}
 									if action.Request.TLS != nil {
 										cookie.SameSite = http.SameSiteStrictMode
 										cookie.Secure = true
 									}
 									action.AddCookie(cookie)
 								}