安全设置检查IP时同时也检查直接连接管理平台的上游IP

2025-11-11 10:10:28 +08:00 · 2021-08-11 10:01:23 +08:00
parent a39eb80214
commit 7afe1e0a30
2 changed files with 12 additions and 0 deletions
--- a/internal/web/helpers/user_should_auth.go
+++ b/internal/web/helpers/user_should_auth.go
@@ -5,6 +5,7 @@ import (
 	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
 	"github.com/iwind/TeaGo/actions"
+	"net"
 	"net/http"
 )

@@ -35,6 +36,11 @@ func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramN
 		action.ResponseWriter.WriteHeader(http.StatusForbidden)
 		return false
 	}
+	remoteAddr, _, _ := net.SplitHostPort(action.Request.RemoteAddr)
+	if len(remoteAddr) > 0 && remoteAddr != action.RequestRemoteIP() && !checkIP(securityConfig, remoteAddr) {
+		action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		return false
+	}

 	return true
 }