用户使用反向代理访问系统时主动引导用户设置“自定义客户端IP报头“

2025-11-03 12:20:28 +08:00 · 2024-04-08 11:07:51 +08:00
parent fcd69a4e65
commit 94eab14d3d
8 changed files with 59 additions and 3 deletions
--- a/internal/web/actions/default/settings/security/dismissXFFPrompt.go
+++ b/internal/web/actions/default/settings/security/dismissXFFPrompt.go
@@ -0,0 +1,18 @@
+// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package security
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+)
+
+type DismissXFFPromptAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DismissXFFPromptAction) RunPost(params struct{}) {
+	helpers.DisableXFFPrompt()
+
+	this.Success()
+}
--- a/internal/web/actions/default/settings/security/index.go
+++ b/internal/web/actions/default/settings/security/index.go
@@ -19,7 +19,11 @@ func (this *IndexAction) Init() {
 	this.Nav("", "", "")
 }

-func (this *IndexAction) RunGet(params struct{}) {
+func (this *IndexAction) RunGet(params struct {
+	ShowAll bool
+}) {
+	this.Data["showAll"] = params.ShowAll
+
 	config, err := configloaders.LoadSecurityConfig()
 	if err != nil {
 		this.ErrorPage(err)
@@ -66,6 +70,7 @@ func (this *IndexAction) RunGet(params struct{}) {
 	this.Data["provinces"] = provinceMaps

 	this.Data["config"] = config
+
 	this.Show()
 }

--- a/internal/web/actions/default/settings/security/init.go
+++ b/internal/web/actions/default/settings/security/init.go
@@ -14,6 +14,7 @@ func init() {
 			Helper(settingutils.NewHelper("security")).
 			Prefix("/settings/security").
 			GetPost("", new(IndexAction)).
+			Post("/dismissXFFPrompt", new(DismissXFFPromptAction)).
 			EndAll()
 	})
 }
--- a/internal/web/helpers/user_must_auth.go
+++ b/internal/web/helpers/user_must_auth.go
@@ -49,6 +49,9 @@ var nodeLogsType = ""
 // IP名单
 var countUnreadIPItems int64 = 0

+// 安全相关
+var securityXFFPromptDisabled = false
+
 func init() {
 	events.On(events.EventStart, func() {
 		// 节点日志数量
@@ -220,6 +223,15 @@ func (this *userMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
 		}
 	}

+	// 是否正在使用反向代理模式
+	action.Data["teaXFFPrompt"] = false
+	if !securityXFFPromptDisabled &&
+		(len(action.Header("X-Forwarded-For")) > 0 || len(action.Header("X-Real-Ip")) > 0 || len(action.Header("Cf-Connecting-Ip")) > 0) &&
+		securityConfig != nil &&
+		len(securityConfig.ClientIPHeaderNames) == 0 {
+		action.Data["teaXFFPrompt"] = true
+	}
+
 	// 检查用户是否存在
 	if !configloaders.CheckAdmin(adminId) {
 		loginutils.UnsetCookie(action)
--- a/internal/web/helpers/utils.go
+++ b/internal/web/helpers/utils.go
@@ -29,6 +29,11 @@ func init() {
 	})
 }

+// DisableXFFPrompt 停用XFF提示
+func DisableXFFPrompt() {
+	securityXFFPromptDisabled = true
+}
+
 // 检查用户IP并支持缓存
 func checkIP(config *systemconfigs.SecurityConfig, ipAddr string) bool {
 	ipCacheLocker.Lock()