“系统设置 -- 安全管理”里可以单独添加允许访问的IP

刘祥超
2021-03-28 15:50:28 +08:00
parent 658c5ae6dd
commit 74e6c7a87c
4 changed files with 43 additions and 0 deletions


@@ -52,6 +52,10 @@ func UpdateSecurityConfig(securityConfig *systemconfigs.SecurityConfig) error {
if err != nil { if err != nil {
return err return err
} }
err = securityConfig.Init()
if err != nil {
return err
}
sharedSecurityConfig = securityConfig sharedSecurityConfig = securityConfig
// 通知更新 // 通知更新
@@ -86,6 +90,10 @@ func loadSecurityConfig() (*systemconfigs.SecurityConfig, error) {
sharedSecurityConfig = defaultSecurityConfig() sharedSecurityConfig = defaultSecurityConfig()
return sharedSecurityConfig, nil return sharedSecurityConfig, nil
} }
err = config.Init()
if err != nil {
return nil, err
}
sharedSecurityConfig = config sharedSecurityConfig = config
return sharedSecurityConfig, nil return sharedSecurityConfig, nil
} }
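Review bot: In UpdateSecurityConfig the new `securityConfig.Init()` call sits after the existing error check, so if the step before it persists the config (that code is outside the hunk), an Init failure is reported only after the unusable value has been stored. Running `if err := securityConfig.Init(); err != nil { return err }` before the save would reject it up front. The related risk in loadSecurityConfig is that it now returns `nil, err` when Init fails on a stored config. What callers do with that error is not visible here, and for an access-control setting it should be confirmed that they deny access rather than fall through to an unrestricted default. Both function bodies start outside their hunks.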


@@ -5,6 +5,7 @@ import (
"github.com/TeaOSLab/EdgeAdmin/internal/configloaders" "github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils" "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
"github.com/iwind/TeaGo/actions" "github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/maps" "github.com/iwind/TeaGo/maps"
) )
@@ -23,6 +24,9 @@ func (this *IndexAction) RunGet(params struct{}) {
this.ErrorPage(err) this.ErrorPage(err)
return return
} }
if config.AllowIPs == nil {
config.AllowIPs = []string{}
}
// 国家和地区 // 国家和地区
countryMaps := []maps.Map{} countryMaps := []maps.Map{}
@@ -69,6 +73,7 @@ func (this *IndexAction) RunPost(params struct {
CountryIdsJSON []byte CountryIdsJSON []byte
ProvinceIdsJSON []byte ProvinceIdsJSON []byte
AllowLocal bool AllowLocal bool
AllowIPs []string
Must *actions.Must Must *actions.Must
CSRF *actionutils.CSRF CSRF *actionutils.CSRF
@@ -106,6 +111,19 @@ func (this *IndexAction) RunPost(params struct {
} }
config.AllowProvinceIds = provinceIds config.AllowProvinceIds = provinceIds
// 允许的IP
if len(params.AllowIPs) > 0 {
for _, ip := range params.AllowIPs {
_, err := shared.ParseIPRange(ip)
if err != nil {
this.Fail("允许访问的IP '" + ip + "' 格式错误:" + err.Error())
}
}
config.AllowIPs = params.AllowIPs
} else {
config.AllowIPs = []string{}
}
// 允许本地 // 允许本地
config.AllowLocal = params.AllowLocal config.AllowLocal = params.AllowLocal
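Review bot: The new block in RunPost checks only the syntax of each entry, so an administrator can save an allowlist that omits the address they are connecting from and be refused on the next request, since a non-empty list rejects everything outside it. `shared.ParseIPRange(ip)` already returns the parsed range, which is discarded with `_`; keeping it and refusing the save unless one range `Contains` the requester's address would prevent this self-lockout. It is also worth confirming that `this.Fail` ends the handler, because there is no `return` after it and otherwise `config.AllowIPs = params.AllowIPs` would still run with the rejected entry. Entries are stored as submitted, so trimming whitespace and dropping empty strings before parsing would avoid spurious format errors. RunPost's body continues outside the hunk.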


@@ -89,6 +89,16 @@ func checkIPWithoutCache(config *systemconfigs.SecurityConfig, ipAddr string) bo
} }
} }
// 检查单独允许的IP
if len(config.AllowIPRanges()) > 0 {
for _, r := range config.AllowIPRanges() {
if r.Contains(ipAddr) {
return true
}
}
return false
}
return true return true
} }
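Review bot: The allowlist test added at the end of checkIPWithoutCache only runs if none of the earlier checks has returned, so whether it really restricts access depends on code above the hunk. If the local-network allowance or a region match returns true early, those clients bypass a non-empty list, which would contradict the UI text saying only the listed IPs are allowed. The block would benefit from a comment stating the intended semantics, e.g. `// a non-empty allowlist is fail-closed: addresses outside every range are rejected`, and `config.AllowIPRanges()` can be read once into a local instead of being called twice. Where `ipAddr` comes from is not visible here; the restriction is only as strong as that value, so it should be the socket peer address or a header set by a trusted proxy, not a client-supplied forwarding header.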


@@ -29,6 +29,13 @@
<p class="comment">设置后,只有这些省份才能访问管理界面,如果不设置表示没有限制。</p> <p class="comment">设置后,只有这些省份才能访问管理界面,如果不设置表示没有限制。</p>
</td> </td>
</tr> </tr>
<tr>
<td>允许访问的IP</td>
<td>
<values-box name="allowIPs" placeholder="IP或者CIDR IP段" :values="config.allowIPs"></values-box>
<p class="comment">如果不为空,则<strong>仅仅允许</strong>这些IP访问其他的IP访问时会被拒绝。</p>
</td>
</tr>
<tr> <tr>
<td>允许局域网访问</td> <td>允许局域网访问</td>
<td> <td>
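Review bot: The help text in the added row runs two clauses together with no punctuation after `访问`; `如果不为空,则<strong>仅仅允许</strong>这些IP访问,其他的IP访问时会被拒绝。` reads as intended. Since saving a list that omits the administrator's own address locks them out of the management UI, the comment could also tell the user to include their current IP before saving.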