TRKJ/EdgeAdmin
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAdmin.git synced 2025-12-25 19:56:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

使用本地SID二次校验增强管理系统安全性

Browse Source
This commit is contained in:
刘祥超
2024-04-08 10:24:10 +08:00
parent 37441b26f1
commit 33a5c86beb
12 changed files with 195 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/web/actions/default/index/otp.go
View File

@@ -19,6 +19,7 @@ import (
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/maps"
"github.com/iwind/TeaGo/rands"
stringutil "github.com/iwind/TeaGo/utils/string"
"github.com/xlzd/gotp"
"time"
@@ -132,7 +133,10 @@ func (this *OtpAction) RunPost(params struct {
}
// 写入SESSION
params.Auth.StoreAdmin(adminId, params.Remember)
var localSid = rands.HexString(32)
this.Data["localSid"] = localSid
this.Data["ip"] = loginutils.RemoteIP(&this.ActionObject)
params.Auth.StoreAdmin(adminId, params.Remember, localSid)
// 删除OTP SESSION
_, err = this.RPC().LoginSessionRPC().DeleteLoginSession(this.AdminContext(), &pb.DeleteLoginSessionRequest{Sid: sid})