EdgeAdmin/internal/web/helpers/user_should_auth.go

package helpers

import (
	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
	"github.com/iwind/TeaGo/actions"
	"net/http"
)

type UserShouldAuth struct {
	action *actions.ActionObject
}

func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramName string) (goNext bool) {
	if teaconst.IsRecoverMode {
		actionPtr.Object().RedirectURL("/recover")
		return false
	}

	this.action = actionPtr.Object()

	// 安全相关
	var action = this.action
	securityConfig, _ := configloaders.LoadSecurityConfig()
	if securityConfig == nil {
		action.AddHeader("X-Frame-Options", "SAMEORIGIN")
	} else if len(securityConfig.Frame) > 0 {
		action.AddHeader("X-Frame-Options", securityConfig.Frame)
	}
	action.AddHeader("Content-Security-Policy", "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'")

	// 检查IP
	if !checkIP(securityConfig, loginutils.RemoteIP(action)) {
		action.ResponseWriter.WriteHeader(http.StatusForbidden)
		return false
	}

	// 检查请求
	if !checkRequestSecurity(securityConfig, action.Request) {
		action.ResponseWriter.WriteHeader(http.StatusForbidden)
		return false
	}

	return true
}

// StoreAdmin 存储用户名到SESSION
func (this *UserShouldAuth) StoreAdmin(adminId int64, remember bool) {
	loginutils.SetCookie(this.action, remember)
	var session = this.action.Session()
	session.Write("adminId", numberutils.FormatInt64(adminId))
	session.Write("@fingerprint", loginutils.CalculateClientFingerprint(this.action))
	session.Write("@ip", loginutils.RemoteIP(this.action))
}

func (this *UserShouldAuth) IsUser() bool {
	return this.action.Session().GetInt("adminId") > 0
}

func (this *UserShouldAuth) AdminId() int {
	return this.action.Session().GetInt("adminId")
}

func (this *UserShouldAuth) Logout() {
	loginutils.UnsetCookie(this.action)
	this.action.Session().Delete()
}
阶段性提交 2020-07-22 22:19:39 +08:00			`package helpers`

			`import (`
[日志审计]增加删除、清理和别的一些设置 2020-12-02 20:31:42 +08:00			`"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"`
优化系统用户登录校验 2020-12-07 11:45:45 +08:00			`teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"`
增加操作日志查看界面 2020-11-10 20:30:47 +08:00			`"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"`
提升Cookie安全性 2023-04-09 17:10:53 +08:00			`"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"`
阶段性提交 2020-07-22 22:19:39 +08:00			`"github.com/iwind/TeaGo/actions"`
			`"net/http"`
			`)`

			`type UserShouldAuth struct {`
			`action *actions.ActionObject`
			`}`

			`func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramName string) (goNext bool) {`
增加恢复模式 2021-07-20 17:15:17 +08:00			`if teaconst.IsRecoverMode {`
			`actionPtr.Object().RedirectURL("/recover")`
			`return false`
			`}`

阶段性提交 2020-07-22 22:19:39 +08:00			`this.action = actionPtr.Object()`
增强安全性 2020-11-10 12:47:24 +08:00
			`// 安全相关`
安全设置中增加禁止搜索引擎、禁止爬虫、允许访问的域名等选项 2022-07-07 19:58:30 +08:00			`var action = this.action`
[日志审计]增加删除、清理和别的一些设置 2020-12-02 20:31:42 +08:00			`securityConfig, _ := configloaders.LoadSecurityConfig()`
增加简单的安全设置 2020-11-20 18:06:54 +08:00			`if securityConfig == nil {`
增强安全性 2020-11-10 12:47:24 +08:00			`action.AddHeader("X-Frame-Options", "SAMEORIGIN")`
增加简单的安全设置 2020-11-20 18:06:54 +08:00			`} else if len(securityConfig.Frame) > 0 {`
			`action.AddHeader("X-Frame-Options", securityConfig.Frame)`
增强安全性 2020-11-10 12:47:24 +08:00			`}`
			`action.AddHeader("Content-Security-Policy", "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'")`

安全设置增加允许访问的国家地区、省份、是否局域网访问 2020-11-20 21:59:12 +08:00			`// 检查IP`
管理系统安全设置增加“自定义客户端IP报头” 2023-12-10 10:46:35 +08:00			`if !checkIP(securityConfig, loginutils.RemoteIP(action)) {`
安全设置检查IP时同时也检查直接连接管理平台的上游IP 2021-08-11 10:01:23 +08:00			`action.ResponseWriter.WriteHeader(http.StatusForbidden)`
			`return false`
			`}`
安全设置增加允许访问的国家地区、省份、是否局域网访问 2020-11-20 21:59:12 +08:00
安全设置中增加禁止搜索引擎、禁止爬虫、允许访问的域名等选项 2022-07-07 19:58:30 +08:00			`// 检查请求`
			`if !checkRequestSecurity(securityConfig, action.Request) {`
			`action.ResponseWriter.WriteHeader(http.StatusForbidden)`
			`return false`
			`}`

阶段性提交 2020-07-22 22:19:39 +08:00			`return true`
			`}`

增加恢复模式 2021-07-20 17:15:17 +08:00			`// StoreAdmin 存储用户名到SESSION`
增加操作日志查看界面 2020-11-10 20:30:47 +08:00			`func (this *UserShouldAuth) StoreAdmin(adminId int64, remember bool) {`
提升Cookie安全性 2023-04-09 17:10:53 +08:00			`loginutils.SetCookie(this.action, remember)`
			`var session = this.action.Session()`
			`session.Write("adminId", numberutils.FormatInt64(adminId))`
			`session.Write("@fingerprint", loginutils.CalculateClientFingerprint(this.action))`
安全设置增加“检查客户端指纹"和"检查客户端区域"选项 2023-04-19 18:25:10 +08:00			`session.Write("@ip", loginutils.RemoteIP(this.action))`
阶段性提交 2020-07-22 22:19:39 +08:00			`}`

			`func (this *UserShouldAuth) IsUser() bool {`
			`return this.action.Session().GetInt("adminId") > 0`
			`}`

			`func (this *UserShouldAuth) AdminId() int {`
			`return this.action.Session().GetInt("adminId")`
			`}`

			`func (this *UserShouldAuth) Logout() {`
提升Cookie安全性 2023-04-09 17:10:53 +08:00			`loginutils.UnsetCookie(this.action)`
阶段性提交 2020-07-22 22:19:39 +08:00			`this.action.Session().Delete()`
			`}`