From 94eab14d3d628d0b00af205c10e2fbeac8f28af7 Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Mon, 8 Apr 2024 11:07:51 +0800
Subject: [PATCH] =?UTF-8?q?=E7=94=A8=E6=88=B7=E4=BD=BF=E7=94=A8=E5=8F=8D?= =?UTF-8?q?=E5=90=91=E4=BB=A3=E7=90=86=E8=AE=BF=E9=97=AE=E7=B3=BB=E7=BB=9F?= =?UTF-8?q?=E6=97=B6=E4=B8=BB=E5=8A=A8=E5=BC=95=E5=AF=BC=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E8=AE=BE=E7=BD=AE=E2=80=9C=E8=87=AA=E5=AE=9A=E4=B9=89=E5=AE=A2?= =?UTF-8?q?=E6=88=B7=E7=AB=AFIP=E6=8A=A5=E5=A4=B4=E2=80=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../settings/security/dismissXFFPrompt.go | 18 ++++++++++++++++++
 .../actions/default/settings/security/index.go | 7 ++++++-
 .../actions/default/settings/security/init.go | 1 +
 internal/web/helpers/user_must_auth.go | 12 ++++++++++++
 internal/web/helpers/utils.go | 5 +++++
 web/views/@default/dashboard/index.html | 7 +++++++
 web/views/@default/dashboard/index.js | 8 ++++++++
 .../@default/settings/security/index.html | 4 ++--
 8 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 internal/web/actions/default/settings/security/dismissXFFPrompt.go
diff --git a/internal/web/actions/default/settings/security/dismissXFFPrompt.go b/internal/web/actions/default/settings/security/dismissXFFPrompt.go
new file mode 100644
index 00000000..a2135c70
--- /dev/null
+++ b/internal/web/actions/default/settings/security/dismissXFFPrompt.go
@@ -0,0 +1,18 @@
+// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package security
+
+import (
+ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+ "github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+)
+
+type DismissXFFPromptAction struct {
+ actionutils.ParentAction
+}
+
+func (this *DismissXFFPromptAction) RunPost(params struct{}) {
+ helpers.DisableXFFPrompt()
+
+ this.Success()
+}
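Review bot: `RunPost` in dismissXFFPrompt.go suppresses a security-related banner but, as far as this file shows, leaves no record of which admin dismissed it. An operation-log entry written before `this.Success()`, using whatever logging helper the other settings actions rely on (not visible in this patch), would let a later review see when and by whom the hint was turned off. The exported type also has no doc comment; something like `// DismissXFFPromptAction handles the dashboard's "dismiss" request for the reverse-proxy client-IP prompt.` would match the comment already given to `DisableXFFPrompt`.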
diff --git a/internal/web/actions/default/settings/security/index.go b/internal/web/actions/default/settings/security/index.go index f4c34f48..279d6ad5 100644 --- a/internal/web/actions/default/settings/security/index.go +++ b/internal/web/actions/default/settings/security/index.go @@ -19,7 +19,11 @@ func (this *IndexAction) Init() { this.Nav("", "", "") } -func (this *IndexAction) RunGet(params struct{}) { +func (this *IndexAction) RunGet(params struct { + ShowAll bool +}) { + this.Data["showAll"] = params.ShowAll + config, err := configloaders.LoadSecurityConfig() if err != nil { this.ErrorPage(err) @@ -66,6 +70,7 @@ func (this *IndexAction) RunGet(params struct{}) { this.Data["provinces"] = provinceMaps this.Data["config"] = config + this.Show() } diff --git a/internal/web/actions/default/settings/security/init.go b/internal/web/actions/default/settings/security/init.go index ef6d5ef0..e2c451f7 100644 --- a/internal/web/actions/default/settings/security/init.go +++ b/internal/web/actions/default/settings/security/init.go @@ -14,6 +14,7 @@ func init() { Helper(settingutils.NewHelper("security")). Prefix("/settings/security"). GetPost("", new(IndexAction)). + Post("/dismissXFFPrompt", new(DismissXFFPromptAction)). EndAll() }) } diff --git a/internal/web/helpers/user_must_auth.go b/internal/web/helpers/user_must_auth.go index a3b084b3..ad1144ca 100644 --- a/internal/web/helpers/user_must_auth.go +++ b/internal/web/helpers/user_must_auth.go @@ -49,6 +49,9 @@ var nodeLogsType = "" // IP名单 var countUnreadIPItems int64 = 0 +// 安全相关 +var securityXFFPromptDisabled = false + func init() { events.On(events.EventStart, func() { // 节点日志数量 
@@ -220,6 +223,15 @@ func (this *userMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam } } + // 是否正在使用反向代理模式 + action.Data["teaXFFPrompt"] = false + if !securityXFFPromptDisabled && + (len(action.Header("X-Forwarded-For")) > 0 || len(action.Header("X-Real-Ip")) > 0 || len(action.Header("Cf-Connecting-Ip")) > 0) && + securityConfig != nil && + len(securityConfig.ClientIPHeaderNames) == 0 { + action.Data["teaXFFPrompt"] = true + } + // 检查用户是否存在 if !configloaders.CheckAdmin(adminId) { loginutils.UnsetCookie(action) diff --git a/internal/web/helpers/utils.go b/internal/web/helpers/utils.go index e6d96410..335f5455 100644 --- a/internal/web/helpers/utils.go +++ b/internal/web/helpers/utils.go @@ -29,6 +29,11 @@ func init() { }) } +// DisableXFFPrompt 停用XFF提示 +func DisableXFFPrompt() { + securityXFFPromptDisabled = true +} + // 检查用户IP并支持缓存 func checkIP(config *systemconfigs.SecurityConfig, ipAddr string) bool { ipCacheLocker.Lock() diff --git a/web/views/@default/dashboard/index.html b/web/views/@default/dashboard/index.html index a0a94e63..a0f63c26 100644 --- a/web/views/@default/dashboard/index.html +++ b/web/views/@default/dashboard/index.html @@ -8,6 +8,13 @@ + +
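Review bot: The new `teaXFFPrompt` condition in `BeforeAction` treats the mere presence of `X-Forwarded-For`, `X-Real-Ip` or `Cf-Connecting-Ip` as evidence of a reverse proxy, but a client connecting directly can send those headers too, so the banner can appear on a deployment that has no proxy in front of it. Because the banner steers the operator toward filling `ClientIPHeaderNames`, the block should carry a comment saying the check is only a hint, for example `// Heuristic only: these headers are client-controlled unless a trusted proxy overwrites them.` A header-derived client IP is trustworthy only when the proxy overwrites the header and direct access to the admin port is blocked; any IP restriction or log that uses the configured header presumably inherits that assumption, but that code is outside this hunk. `BeforeAction` starts and ends outside the hunk.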
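Review bot: `securityXFFPromptDisabled` is a plain package-level bool that `DisableXFFPrompt` writes while `BeforeAction` reads it on other requests, with no synchronization visible in either hunk; if requests are served concurrently, as is usual for a Go web server, that is a data race. Provided the module's Go version is 1.19 or later, declare it as `var securityXFFPromptDisabled atomic.Bool`, set it with `securityXFFPromptDisabled.Store(true)` and test `!securityXFFPromptDisabled.Load()` in `BeforeAction`, adding `sync/atomic` to the imports of user_must_auth.go. The flag also appears to live only in memory, so a dismissal would apply to every admin and be lost on restart; if that is intended, the doc comment on `DisableXFFPrompt` should say so.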
+ 检测到你正在使用反向代理访问当前系统,如果你的系统确定在一个反向代理服务的上游,为了系统的正常运行,请在安全设置中设置“自定义客户端IP报头”。 + [去设置]     + [关闭提示] +
+
diff --git a/web/views/@default/dashboard/index.js b/web/views/@default/dashboard/index.js index 74450cc0..3fd1b18e 100644 --- a/web/views/@default/dashboard/index.js +++ b/web/views/@default/dashboard/index.js @@ -222,4 +222,12 @@ Tea.context(function () { this.localLowerVersionAPINode.isRestarting = false }) } + + // 关闭XFF提示 + this.dismissXFFPrompt = function () { + this.$post("/settings/security/dismissXFFPrompt") + .success(function () { + teaweb.reload() + }) + } }) diff --git a/web/views/@default/settings/security/index.html b/web/views/@default/settings/security/index.html index 9ccf5d1d..84400186 100644 --- a/web/views/@default/settings/security/index.html +++ b/web/views/@default/settings/security/index.html @@ -56,12 +56,12 @@ - + 自定义客户端IP报头 -

可以通过此报头获取客户端IP,类似于X-Forwarded-For X-Real-IP True-Client-IP Client-IP [填入],用于使用反向代理访问管理系统的情形;如果有多个报头可以使用空格隔开。

+

可以通过此报头获取客户端IP,类似于X-Forwarded-For X-Real-IP True-Client-IP Client-IP [填入],用于使用反向代理访问管理系统的情形;如果有多个报头可以使用空格隔开。