使用本地SID二次校验增强管理系统安全性

2025-11-06 23:00:25 +08:00 · 2024-04-08 10:24:10 +08:00
parent 37441b26f1
commit 33a5c86beb
12 changed files with 195 additions and 24 deletions
--- a/internal/web/helpers/user_should_auth.go
+++ b/internal/web/helpers/user_should_auth.go
@@ -60,12 +60,13 @@ func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramN
 }

 // StoreAdmin 存储用户名到SESSION
-func (this *UserShouldAuth) StoreAdmin(adminId int64, remember bool) {
+func (this *UserShouldAuth) StoreAdmin(adminId int64, remember bool, localSid string) {
 	loginutils.SetCookie(this.action, remember)
 	var session = this.action.Session()
 	session.Write("adminId", numberutils.FormatInt64(adminId))
 	session.Write("@fingerprint", loginutils.CalculateClientFingerprint(this.action))
 	session.Write("@ip", loginutils.RemoteIP(this.action))
+	session.Write("@localSid", localSid)
 }

 func (this *UserShouldAuth) IsUser() bool {