TRKJ/EdgeAdmin
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAdmin.git synced 2025-11-06 23:00:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

用户使用反向代理访问系统时主动引导用户设置“自定义客户端IP报头“

Browse Source
This commit is contained in:
GoEdgeLab
2024-04-08 11:07:51 +08:00
parent fcd69a4e65
commit 94eab14d3d
8 changed files with 59 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
internal/web/actions/default/settings/security/dismissXFFPrompt.go Normal file
View File

@@ -0,0 +1,18 @@
// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
package security
import (
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
)
type DismissXFFPromptAction struct {
actionutils.ParentAction
}
func (this *DismissXFFPromptAction) RunPost(params struct{}) {
helpers.DisableXFFPrompt()
this.Success()
}

7
internal/web/actions/default/settings/security/index.go
View File

@@ -19,7 +19,11 @@ func (this *IndexAction) Init() {
this.Nav("", "", "") this.Nav("", "", "")
} }
func (this *IndexAction) RunGet(params struct{}) { func (this *IndexAction) RunGet(params struct {
ShowAll bool
}) {
this.Data["showAll"] = params.ShowAll
config, err := configloaders.LoadSecurityConfig() config, err := configloaders.LoadSecurityConfig()
if err != nil { if err != nil {
this.ErrorPage(err) this.ErrorPage(err)
@@ -66,6 +70,7 @@ func (this *IndexAction) RunGet(params struct{}) {
this.Data["provinces"] = provinceMaps this.Data["provinces"] = provinceMaps
this.Data["config"] = config this.Data["config"] = config
this.Show() this.Show()
} }

1
internal/web/actions/default/settings/security/init.go
View File

@@ -14,6 +14,7 @@ func init() {
Helper(settingutils.NewHelper("security")). Helper(settingutils.NewHelper("security")).
Prefix("/settings/security"). Prefix("/settings/security").
GetPost("", new(IndexAction)). GetPost("", new(IndexAction)).
Post("/dismissXFFPrompt", new(DismissXFFPromptAction)).
EndAll() EndAll()
}) })
} }

12
internal/web/helpers/user_must_auth.go
View File

@@ -49,6 +49,9 @@ var nodeLogsType = ""
// IP名单 // IP名单
var countUnreadIPItems int64 = 0 var countUnreadIPItems int64 = 0
// 安全相关
var securityXFFPromptDisabled = false
func init() { func init() {
events.On(events.EventStart, func() { events.On(events.EventStart, func() {
// 节点日志数量 // 节点日志数量
@@ -220,6 +223,15 @@ func (this *userMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
} }
} }
// 是否正在使用反向代理模式
action.Data["teaXFFPrompt"] = false
if !securityXFFPromptDisabled &&
(len(action.Header("X-Forwarded-For")) > 0 || len(action.Header("X-Real-Ip")) > 0 || len(action.Header("Cf-Connecting-Ip")) > 0) &&
securityConfig != nil &&
len(securityConfig.ClientIPHeaderNames) == 0 {
action.Data["teaXFFPrompt"] = true
}
// 检查用户是否存在 // 检查用户是否存在
if !configloaders.CheckAdmin(adminId) { if !configloaders.CheckAdmin(adminId) {
loginutils.UnsetCookie(action) loginutils.UnsetCookie(action)

5
internal/web/helpers/utils.go
View File

@@ -29,6 +29,11 @@ func init() {
}) })
} }
// DisableXFFPrompt 停用XFF提示
func DisableXFFPrompt() {
securityXFFPromptDisabled = true
}
// 检查用户IP并支持缓存 // 检查用户IP并支持缓存
func checkIP(config *systemconfigs.SecurityConfig, ipAddr string) bool { func checkIP(config *systemconfigs.SecurityConfig, ipAddr string) bool {
ipCacheLocker.Lock() ipCacheLocker.Lock()

7
web/views/@default/dashboard/index.html
View File

@@ -8,6 +8,13 @@
</div> </div>
</div> </div>
<!-- XFF设置提示 -->
<div class="ui message warning" v-if="teaXFFPrompt">
检测到你正在使用反向代理访问当前系统如果你的系统确定在一个反向代理服务的上游为了系统的正常运行请在安全设置中设置“自定义客户端IP报头”。
<a href="/settings/security?showAll=1#client-header-names">[去设置]</a> &nbsp; &nbsp;
<a href="" @click.prevent="dismissXFFPrompt">[关闭提示]</a>
</div>
<!-- 没有节点提醒 --> <!-- 没有节点提醒 -->
<div class="ui icon message warning" v-if="!isLoading && dashboard.defaultClusterId > 0 && dashboard.countNodes == 0"> <div class="ui icon message warning" v-if="!isLoading && dashboard.defaultClusterId > 0 && dashboard.countNodes == 0">
<i class="icon warning circle"></i> <i class="icon warning circle"></i>

8
web/views/@default/dashboard/index.js
View File

@@ -222,4 +222,12 @@ Tea.context(function () {
this.localLowerVersionAPINode.isRestarting = false this.localLowerVersionAPINode.isRestarting = false
}) })
} }
// 关闭XFF提示
this.dismissXFFPrompt = function () {
this.$post("/settings/security/dismissXFFPrompt")
.success(function () {
teaweb.reload()
})
}
}) })

4
web/views/@default/settings/security/index.html
View File

@@ -56,12 +56,12 @@
<more-options-indicator></more-options-indicator> <more-options-indicator></more-options-indicator>
</td> </td>
</tr> </tr>
<tbody v-show="moreOptionsVisible"> <tbody v-show="moreOptionsVisible || showAll">
<tr> <tr>
<td>自定义客户端IP报头</td> <td>自定义客户端IP报头</td>
<td> <td>
<input type="text" name="clientIPHeaderNames" v-model="config.clientIPHeaderNames"/> <input type="text" name="clientIPHeaderNames" v-model="config.clientIPHeaderNames"/>
<p class="comment">可以通过此报头获取客户端IP类似于<code-label>X-Forwarded-For X-Real-IP True-Client-IP Client-IP</code-label>&nbsp;<a href=""><span class="small" @click.prevent="addDefaultClientIPHeaderNames('X-Forwarded-For X-Real-IP True-Client-IP Client-IP')">[填入]</span></a>,用于使用反向代理访问管理系统的情形;如果有多个报头可以使用空格隔开。</p> <p class="comment"><a id="client-header-names"></a>可以通过此报头获取客户端IP类似于<code-label>X-Forwarded-For X-Real-IP True-Client-IP Client-IP</code-label>&nbsp;<a href=""><span class="small" @click.prevent="addDefaultClientIPHeaderNames('X-Forwarded-For X-Real-IP True-Client-IP Client-IP')">[填入]</span></a>,用于使用反向代理访问管理系统的情形;如果有多个报头可以使用空格隔开。</p>
</td> </td>
</tr> </tr>
<tr> <tr>