diff --git a/internal/nodes/session_manager.go b/internal/nodes/session_manager.go
index f3a81c8a..4eaa5bc5 100644
--- a/internal/nodes/session_manager.go
+++ b/internal/nodes/session_manager.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 )
 
+// SessionManager SESSION管理
 type SessionManager struct {
 	life uint
 }
diff --git a/internal/web/actions/default/index/index.go b/internal/web/actions/default/index/index.go
index 4152181f..c84c3f48 100644
--- a/internal/web/actions/default/index/index.go
+++ b/internal/web/actions/default/index/index.go
@@ -9,6 +9,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/setup"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
 	adminserverutils "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/settings/server/admin-server-utils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
@@ -103,6 +104,9 @@ func (this *IndexAction) RunGet(params struct {
 		this.Data["rememberLogin"] = securityConfig.AllowRememberLogin
 	}
 
+	// 删除Cookie
+	loginutils.UnsetCookie(this.Object())
+
 	this.Show()
 }
diff --git a/internal/web/actions/default/index/loginutils/utils.go b/internal/web/actions/default/index/loginutils/utils.go
new file mode 100644
index 00000000..25308de7
--- /dev/null
+++ b/internal/web/actions/default/index/loginutils/utils.go
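Review bot: `loginutils.UnsetCookie(this.Object())` in the `RunGet` hunk clears only the client-side cookie; whatever server-side session `this.Object().Session()` resolves to is left alive until the session manager expires it, and because `UnsetCookie` reads `Session().Sid` just to build a delete-cookie, every anonymous GET of the login page may allocate a fresh session if `Session()` creates on demand (not visible here). Decide whether the login page is meant to start from a clean slate — in which case pair it with `this.Object().Session().Delete()` as `Logout()` does — or document the asymmetry: `// Drop any stale session cookie before showing the login form; the server-side session, if one exists, is left to expire.` `RunGet` starts outside the hunk.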
@@ -0,0 +1,60 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package loginutils
+
+import (
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/iwind/TeaGo/actions"
+	stringutil "github.com/iwind/TeaGo/utils/string"
+	"net/http"
+)
+
+// CalculateClientFingerprint 计算客户端指纹
+func CalculateClientFingerprint(action *actions.ActionObject) string {
+	return stringutil.Md5(action.RequestRemoteIP() + "@" + action.Request.UserAgent())
+}
+
+func SetCookie(action *actions.ActionObject, remember bool) {
+	if remember {
+		var cookie = &http.Cookie{
+			Name:     teaconst.CookieSID,
+			Value:    action.Session().Sid,
+			Path:     "/",
+			MaxAge:   14 * 86400,
+			HttpOnly: true,
+		}
+		if action.Request.TLS != nil {
+			cookie.SameSite = http.SameSiteStrictMode
+			cookie.Secure = true
+		}
+		action.AddCookie(cookie)
+	} else {
+		var cookie = &http.Cookie{
+			Name:     teaconst.CookieSID,
+			Value:    action.Session().Sid,
+			Path:     "/",
+			MaxAge:   0,
+			HttpOnly: true,
+		}
+		if action.Request.TLS != nil {
+			cookie.SameSite = http.SameSiteStrictMode
+			cookie.Secure = true
+		}
+		action.AddCookie(cookie)
+	}
+}
+
+func UnsetCookie(action *actions.ActionObject) {
+	cookie := &http.Cookie{
+		Name:     teaconst.CookieSID,
+		Value:    action.Session().Sid,
+		Path:     "/",
+		MaxAge:   -1,
+		HttpOnly: true,
+	}
+	if action.Request.TLS != nil {
+		cookie.SameSite = http.SameSiteStrictMode
+		cookie.Secure = true
+	}
+	action.AddCookie(cookie)
+}
diff --git a/internal/web/helpers/user_must_auth.go b/internal/web/helpers/user_must_auth.go
index dc748b37..7281e436 100644
--- a/internal/web/helpers/user_must_auth.go
+++ b/internal/web/helpers/user_must_auth.go
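Review bot: `CalculateClientFingerprint` keys the session on `RequestRemoteIP()` and the `User-Agent` header, both values the client itself supplies, so the binding only defeats a stolen cookie replayed from a different address or browser; if `RequestRemoteIP()` honours forwarded headers (not visible here) the address part is forgeable too, and any legitimate IP change (mobile, NAT re-assignment) invalidates a 14-day remembered login. That trade-off belongs on the function: `// CalculateClientFingerprint derives a non-secret identifier from the client IP and User-Agent; a session is invalidated when either changes. This is a replay heuristic, not an authentication factor.` Separately, `SetCookie` and `UnsetCookie` set `SameSite`/`Secure` only when `action.Request.TLS != nil`, so a deployment behind a TLS-terminating proxy emits the session cookie with neither flag; `SameSite=Strict` does not require `Secure` and could be set unconditionally by moving `cookie.SameSite = http.SameSiteStrictMode` above the TLS check. The two branches of `SetCookie` differ only in `MaxAge` and could be collapsed into one cookie literal with a precomputed max-age.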
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/goman"
 	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
 	"github.com/TeaOSLab/EdgeAdmin/internal/setup"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
@@ -173,8 +174,19 @@ func (this *userMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
 		return false
 	}
 
+	// 检查指纹
+	var clientFingerprint = session.GetString("@fingerprint")
+	if len(clientFingerprint) > 0 && clientFingerprint != loginutils.CalculateClientFingerprint(action) {
+		loginutils.UnsetCookie(action)
+		session.Delete()
+
+		this.login(action)
+		return false
+	}
+
 	// 检查用户是否存在
 	if !configloaders.CheckAdmin(adminId) {
+		loginutils.UnsetCookie(action)
 		session.Delete()
 
 		this.login(action)
diff --git a/internal/web/helpers/user_should_auth.go b/internal/web/helpers/user_should_auth.go
index 5a3ec5af..dcd2cc61 100644
--- a/internal/web/helpers/user_should_auth.go
+++ b/internal/web/helpers/user_should_auth.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
 	"github.com/iwind/TeaGo/actions"
 	"net"
 	"net/http"
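Review bot: A fingerprint mismatch in the added block is handled silently — cookie cleared, session deleted, redirect to login — but nothing records that a valid session ID arrived from a different IP/User-Agent, which is precisely the signal an operator needs to tell cookie theft apart from a user whose address changed. If the package has a logging facility (none is visible in this hunk), log `adminId`, the remote IP and the request path before `session.Delete()`; the session is gone afterwards. The `len(clientFingerprint) > 0` guard also means sessions issued before this change are never bound until their next login, which is a deliberate migration choice worth a comment: `// Sessions created before fingerprinting was introduced carry no "@fingerprint" and are not checked.` `BeforeAction` starts and ends outside the hunk.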
@@ -53,35 +54,10 @@ func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramN
 
 // StoreAdmin 存储用户名到SESSION
 func (this *UserShouldAuth) StoreAdmin(adminId int64, remember bool) {
-	// 修改sid的时间
-	if remember {
-		cookie := &http.Cookie{
-			Name:     teaconst.CookieSID,
-			Value:    this.action.Session().Sid,
-			Path:     "/",
-			MaxAge:   14 * 86400,
-			HttpOnly: true,
-		}
-		if this.action.Request.TLS != nil {
-			cookie.SameSite = http.SameSiteStrictMode
-			cookie.Secure = true
-		}
-		this.action.AddCookie(cookie)
-	} else {
-		cookie := &http.Cookie{
-			Name:     teaconst.CookieSID,
-			Value:    this.action.Session().Sid,
-			Path:     "/",
-			MaxAge:   0,
-			HttpOnly: true,
-		}
-		if this.action.Request.TLS != nil {
-			cookie.SameSite = http.SameSiteStrictMode
-			cookie.Secure = true
-		}
-		this.action.AddCookie(cookie)
-	}
-	this.action.Session().Write("adminId", numberutils.FormatInt64(adminId))
+	loginutils.SetCookie(this.action, remember)
+	var session = this.action.Session()
+	session.Write("adminId", numberutils.FormatInt64(adminId))
+	session.Write("@fingerprint", loginutils.CalculateClientFingerprint(this.action))
 }
 
 func (this *UserShouldAuth) IsUser() bool {
@@ -93,5 +69,6 @@ func (this *UserShouldAuth) AdminId() int {
 }
 
 func (this *UserShouldAuth) Logout() {
+	loginutils.UnsetCookie(this.action)
 	this.action.Session().Delete()
 }
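Review bot: `StoreAdmin` promotes the session that already existed before authentication — `loginutils.SetCookie` re-sends the same `Session().Sid` and `adminId` is written into that same session — so unless `Session()` rotates IDs on login somewhere not visible here, the pre-login session ID becomes the authenticated one, which is the session-fixation pattern; anyone able to plant a SID cookie beforehand (easier on a non-TLS deployment, where `SetCookie` sets neither `Secure` nor `SameSite`) inherits the login. Regenerating the session ID before the two `session.Write` calls is the standard fix; if the session layer offers no rotation primitive, leave an explicit marker rather than silence: `// TODO(security): rotate the session ID on login; the pre-authentication SID is currently reused.` The new `@fingerprint` write is what `userMustAuth` later compares against, so the fingerprint and `adminId` writes should stay adjacent as they are here.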