安全设置检查IP时同时也检查直接连接管理平台的上游IP

internal/web/helpers/user_must_auth.go

@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/setup"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"net"
 	"net/http"
 	"reflect"
 	"strings"
@@ -63,6 +64,11 @@ func (this *userMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
 		action.ResponseWriter.WriteHeader(http.StatusForbidden)
 		return false
 	}
+	remoteAddr, _, _ := net.SplitHostPort(action.Request.RemoteAddr)
+	if len(remoteAddr) > 0 && remoteAddr != action.RequestRemoteIP() && !checkIP(securityConfig, remoteAddr) {
+		action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		return false
+	}
 
 	// 检查系统是否已经配置过
 	if !setup.IsConfigured() {

internal/web/helpers/user_should_auth.go

@@ -5,6 +5,7 @@ import (
 	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
 	"github.com/iwind/TeaGo/actions"
+	"net"
 	"net/http"
 )
 
@@ -35,6 +36,11 @@ func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramN
 		action.ResponseWriter.WriteHeader(http.StatusForbidden)
 		return false
 	}
+	remoteAddr, _, _ := net.SplitHostPort(action.Request.RemoteAddr)
+	if len(remoteAddr) > 0 && remoteAddr != action.RequestRemoteIP() && !checkIP(securityConfig, remoteAddr) {
+		action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		return false
+	}
 
 	return true
 }