安全设置增加“检查客户端指纹"和"检查客户端区域"选项

internal/web/helpers/user_must_auth.go

@@ -175,13 +175,32 @@ func (this *userMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
 	}
 
 	// 检查指纹
-	var clientFingerprint = session.GetString("@fingerprint")
-	if len(clientFingerprint) > 0 && clientFingerprint != loginutils.CalculateClientFingerprint(action) {
-		loginutils.UnsetCookie(action)
-		session.Delete()
+	if securityConfig != nil && securityConfig.CheckClientFingerprint {
+		var clientFingerprint = session.GetString("@fingerprint")
+		if len(clientFingerprint) > 0 && clientFingerprint != loginutils.CalculateClientFingerprint(action) {
+			loginutils.UnsetCookie(action)
+			session.Delete()
 
-		this.login(action)
-		return false
+			this.login(action)
+			return false
+		}
+	}
+
+	// 检查区域
+	if securityConfig != nil && securityConfig.CheckClientRegion {
+		var oldClientIP = session.GetString("@ip")
+		var currentClientIP = loginutils.RemoteIP(action)
+		if len(oldClientIP) > 0 && len(currentClientIP) > 0 && oldClientIP != currentClientIP {
+			var oldRegion = loginutils.LookupIPRegion(oldClientIP)
+			var newRegion = loginutils.LookupIPRegion(currentClientIP)
+			if newRegion != oldRegion {
+				loginutils.UnsetCookie(action)
+				session.Delete()
+
+				this.login(action)
+				return false
+			}
+		}
 	}
 
 	// 检查用户是否存在

internal/web/helpers/user_should_auth.go

@@ -58,6 +58,7 @@ func (this *UserShouldAuth) StoreAdmin(adminId int64, remember bool) {
 	var session = this.action.Session()
 	session.Write("adminId", numberutils.FormatInt64(adminId))
 	session.Write("@fingerprint", loginutils.CalculateClientFingerprint(this.action))
+	session.Write("@ip", loginutils.RemoteIP(this.action))
 }
 
 func (this *UserShouldAuth) IsUser() bool {