提升Cookie安全性

2025-11-03 20:40:26 +08:00 · 2023-04-09 17:10:53 +08:00
parent 368149b70c
commit 9e3770aac9
5 changed files with 83 additions and 29 deletions
--- a/internal/web/actions/default/index/index.go
+++ b/internal/web/actions/default/index/index.go
@@ -9,6 +9,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/setup"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
 	adminserverutils "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/settings/server/admin-server-utils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
@@ -103,6 +104,9 @@ func (this *IndexAction) RunGet(params struct {
 		this.Data["rememberLogin"] = securityConfig.AllowRememberLogin
 	}

+	// 删除Cookie
+	loginutils.UnsetCookie(this.Object())
+
 	this.Show()
 }

--- a/internal/web/actions/default/index/loginutils/utils.go
+++ b/internal/web/actions/default/index/loginutils/utils.go
@@ -0,0 +1,60 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package loginutils
+
+import (
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/iwind/TeaGo/actions"
+	stringutil "github.com/iwind/TeaGo/utils/string"
+	"net/http"
+)
+
+// CalculateClientFingerprint 计算客户端指纹
+func CalculateClientFingerprint(action *actions.ActionObject) string {
+	return stringutil.Md5(action.RequestRemoteIP() + "@" + action.Request.UserAgent())
+}
+
+func SetCookie(action *actions.ActionObject, remember bool) {
+	if remember {
+		var cookie = &http.Cookie{
+			Name:     teaconst.CookieSID,
+			Value:    action.Session().Sid,
+			Path:     "/",
+			MaxAge:   14 * 86400,
+			HttpOnly: true,
+		}
+		if action.Request.TLS != nil {
+			cookie.SameSite = http.SameSiteStrictMode
+			cookie.Secure = true
+		}
+		action.AddCookie(cookie)
+	} else {
+		var cookie = &http.Cookie{
+			Name:     teaconst.CookieSID,
+			Value:    action.Session().Sid,
+			Path:     "/",
+			MaxAge:   0,
+			HttpOnly: true,
+		}
+		if action.Request.TLS != nil {
+			cookie.SameSite = http.SameSiteStrictMode
+			cookie.Secure = true
+		}
+		action.AddCookie(cookie)
+	}
+}
+
+func UnsetCookie(action *actions.ActionObject) {
+	cookie := &http.Cookie{
+		Name:     teaconst.CookieSID,
+		Value:    action.Session().Sid,
+		Path:     "/",
+		MaxAge:   -1,
+		HttpOnly: true,
+	}
+	if action.Request.TLS != nil {
+		cookie.SameSite = http.SameSiteStrictMode
+		cookie.Secure = true
+	}
+	action.AddCookie(cookie)
+}