安全设置增加“检查客户端指纹"和"检查客户端区域"选项

2025-11-13 20:00:25 +08:00 · 2023-04-19 18:25:10 +08:00
parent a31f9ed9c5
commit c9fb3153eb
9 changed files with 129 additions and 11 deletions
--- a/internal/web/helpers/user_must_auth.go
+++ b/internal/web/helpers/user_must_auth.go
@@ -175,13 +175,32 @@ func (this *userMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
 	}

 	// 检查指纹
-	var clientFingerprint = session.GetString("@fingerprint")
-	if len(clientFingerprint) > 0 && clientFingerprint != loginutils.CalculateClientFingerprint(action) {
-		loginutils.UnsetCookie(action)
-		session.Delete()
+	if securityConfig != nil && securityConfig.CheckClientFingerprint {
+		var clientFingerprint = session.GetString("@fingerprint")
+		if len(clientFingerprint) > 0 && clientFingerprint != loginutils.CalculateClientFingerprint(action) {
+			loginutils.UnsetCookie(action)
+			session.Delete()

-		this.login(action)
-		return false
+			this.login(action)
+			return false
+		}
+	}
+
+	// 检查区域
+	if securityConfig != nil && securityConfig.CheckClientRegion {
+		var oldClientIP = session.GetString("@ip")
+		var currentClientIP = loginutils.RemoteIP(action)
+		if len(oldClientIP) > 0 && len(currentClientIP) > 0 && oldClientIP != currentClientIP {
+			var oldRegion = loginutils.LookupIPRegion(oldClientIP)
+			var newRegion = loginutils.LookupIPRegion(currentClientIP)
+			if newRegion != oldRegion {
+				loginutils.UnsetCookie(action)
+				session.Delete()
+
+				this.login(action)
+				return false
+			}
+		}
 	}

 	// 检查用户是否存在