增加简单的安全设置

2025-12-25 19:56:35 +08:00 · 2020-11-20 18:06:54 +08:00
parent f8b6116c73
commit b764f470d9
9 changed files with 197 additions and 8 deletions
--- a/internal/securitymanager/security_config.go
+++ b/internal/securitymanager/security_config.go
@@ -0,0 +1,98 @@
+package securitymanager
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/logs"
+	"reflect"
+	"sync"
+)
+
+var locker sync.Mutex
+
+const (
+	SecuritySettingName = "adminSecurityConfig"
+
+	FrameNone       = ""
+	FrameDeny       = "DENY"
+	FrameSameOrigin = "SAMEORIGIN"
+)
+
+var sharedSecurityConfig *SecurityConfig = nil
+
+type SecurityConfig struct {
+	Frame string `json:"frame"`
+}
+
+func LoadSecurityConfig() (*SecurityConfig, error) {
+	locker.Lock()
+	defer locker.Unlock()
+
+	config, err := loadSecurityConfig()
+	if err != nil {
+		return nil, err
+	}
+
+	v := reflect.Indirect(reflect.ValueOf(config)).Interface().(SecurityConfig)
+	return &v, nil
+}
+
+func UpdateSecurityConfig(securityConfig *SecurityConfig) error {
+	locker.Lock()
+	defer locker.Unlock()
+
+	var rpcClient, err = rpc.SharedRPC()
+	if err != nil {
+		return err
+	}
+	valueJSON, err := json.Marshal(securityConfig)
+	if err != nil {
+		return err
+	}
+	_, err = rpcClient.SysSettingRPC().UpdateSysSetting(rpcClient.Context(1), &pb.UpdateSysSettingRequest{
+		Code:      SecuritySettingName,
+		ValueJSON: valueJSON,
+	})
+	if err != nil {
+		return err
+	}
+	sharedSecurityConfig = securityConfig
+	return nil
+}
+
+func loadSecurityConfig() (*SecurityConfig, error) {
+	if sharedSecurityConfig != nil {
+		return sharedSecurityConfig, nil
+	}
+	var rpcClient, err = rpc.SharedRPC()
+	if err != nil {
+		return nil, err
+	}
+	resp, err := rpcClient.SysSettingRPC().ReadSysSetting(rpcClient.Context(1), &pb.ReadSysSettingRequest{
+		Code: SecuritySettingName,
+	})
+	if err != nil {
+		return nil, err
+	}
+	if len(resp.ValueJSON) == 0 {
+		sharedSecurityConfig = defaultSecurityConfig()
+		return sharedSecurityConfig, nil
+	}
+
+	config := &SecurityConfig{}
+	err = json.Unmarshal(resp.ValueJSON, config)
+	if err != nil {
+		logs.Println("[SECURITY_MANAGER]" + err.Error())
+		sharedSecurityConfig = defaultSecurityConfig()
+		return sharedSecurityConfig, nil
+	}
+	sharedSecurityConfig = config
+	return sharedSecurityConfig, nil
+}
+
+func defaultSecurityConfig() *SecurityConfig {
+	return &SecurityConfig{
+		Frame: FrameSameOrigin,
+	}
+}