增加简单的安全设置

2026-03-31 09:55:18 +08:00 · 2020-11-20 18:06:54 +08:00
parent f8b6116c73
commit b764f470d9
9 changed files with 197 additions and 8 deletions
--- a/internal/web/actions/default/settings/security/index.go
+++ b/internal/web/actions/default/settings/security/index.go
@@ -1,6 +1,10 @@
 package security

-import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/securitymanager"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/iwind/TeaGo/actions"
+)

 type IndexAction struct {
 	actionutils.ParentAction
@@ -11,5 +15,35 @@ func (this *IndexAction) Init() {
 }

 func (this *IndexAction) RunGet(params struct{}) {
+	config, err := securitymanager.LoadSecurityConfig()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["config"] = config
 	this.Show()
 }
+
+func (this *IndexAction) RunPost(params struct {
+	Frame string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改管理界面安全设置")
+
+	config, err := securitymanager.LoadSecurityConfig()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	config.Frame = params.Frame
+	err = securitymanager.UpdateSecurityConfig(config)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/settings/security/init.go
+++ b/internal/web/actions/default/settings/security/init.go
@@ -12,7 +12,7 @@ func init() {
 			Helper(helpers.NewUserMustAuth()).
 			Helper(settingutils.NewHelper("security")).
 			Prefix("/settings/security").
-			Get("", new(IndexAction)).
+			GetPost("", new(IndexAction)).
 			EndAll()
 	})
 }
--- a/internal/web/helpers/user_must_auth.go
+++ b/internal/web/helpers/user_must_auth.go
@@ -3,6 +3,7 @@ package helpers
 import (
 	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	nodes "github.com/TeaOSLab/EdgeAdmin/internal/rpc"
+	"github.com/TeaOSLab/EdgeAdmin/internal/securitymanager"
 	"github.com/TeaOSLab/EdgeAdmin/internal/setup"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
@@ -26,8 +27,11 @@ func (this *UserMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
 	var action = actionPtr.Object()

 	// 安全相关
-	if !teaconst.EnabledFrame {
+	securityConfig, _ := securitymanager.LoadSecurityConfig()
+	if securityConfig == nil {
 		action.AddHeader("X-Frame-Options", "SAMEORIGIN")
+	} else if len(securityConfig.Frame) > 0 {
+		action.AddHeader("X-Frame-Options", securityConfig.Frame)
 	}
 	action.AddHeader("Content-Security-Policy", "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'")

--- a/internal/web/helpers/user_should_auth.go
+++ b/internal/web/helpers/user_should_auth.go
@@ -1,7 +1,7 @@
 package helpers

 import (
-	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/TeaOSLab/EdgeAdmin/internal/securitymanager"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
 	"github.com/iwind/TeaGo/actions"
 	"net/http"
@@ -16,8 +16,11 @@ func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramN

 	// 安全相关
 	action := this.action
-	if !teaconst.EnabledFrame {
+	securityConfig, _ := securitymanager.LoadSecurityConfig()
+	if securityConfig == nil {
 		action.AddHeader("X-Frame-Options", "SAMEORIGIN")
+	} else if len(securityConfig.Frame) > 0 {
+		action.AddHeader("X-Frame-Options", securityConfig.Frame)
 	}
 	action.AddHeader("Content-Security-Policy", "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'")