mirror of
https://github.com/TeaOSLab/EdgeAdmin.git
synced 2026-03-15 17:45:37 +08:00
使用本地SID二次校验增强管理系统安全性
This commit is contained in:
GoEdgeLab
@@ -21,6 +21,7 @@ import (
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
|
||||
"github.com/iwind/TeaGo/actions"
|
||||
"github.com/iwind/TeaGo/lists"
|
||||
"github.com/iwind/TeaGo/rands"
|
||||
"github.com/iwind/TeaGo/types"
|
||||
stringutil "github.com/iwind/TeaGo/utils/string"
|
||||
"net"
|
||||
@@ -236,7 +237,10 @@ func (this *IndexAction) RunPost(params struct {
|
||||
}
|
||||
|
||||
// 写入SESSION
|
||||
params.Auth.StoreAdmin(adminId, params.Remember)
|
||||
var localSid = rands.HexString(32)
|
||||
this.Data["localSid"] = localSid
|
||||
this.Data["ip"] = loginutils.RemoteIP(&this.ActionObject)
|
||||
params.Auth.StoreAdmin(adminId, params.Remember, localSid)
|
||||
|
||||
// 记录日志
|
||||
err = dao.SharedLogDAO.CreateAdminLog(rpcClient.Context(adminId), oplogs.LevelInfo, this.Request.URL.Path, langs.DefaultMessage(codes.AdminLogin_LogSuccess, params.Username), loginutils.RemoteIP(&this.ActionObject), codes.AdminLogin_LogSuccess, []any{params.Username})
|
||||
|
||||
@@ -19,6 +19,7 @@ import (
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||
"github.com/iwind/TeaGo/actions"
|
||||
"github.com/iwind/TeaGo/maps"
|
||||
"github.com/iwind/TeaGo/rands"
|
||||
stringutil "github.com/iwind/TeaGo/utils/string"
|
||||
"github.com/xlzd/gotp"
|
||||
"time"
|
||||
@@ -132,7 +133,10 @@ func (this *OtpAction) RunPost(params struct {
|
||||
}
|
||||
|
||||
// 写入SESSION
|
||||
params.Auth.StoreAdmin(adminId, params.Remember)
|
||||
var localSid = rands.HexString(32)
|
||||
this.Data["localSid"] = localSid
|
||||
this.Data["ip"] = loginutils.RemoteIP(&this.ActionObject)
|
||||
params.Auth.StoreAdmin(adminId, params.Remember, localSid)
|
||||
|
||||
// 删除OTP SESSION
|
||||
_, err = this.RPC().LoginSessionRPC().DeleteLoginSession(this.AdminContext(), &pb.DeleteLoginSessionRequest{Sid: sid})
|
||||
|
||||
Reference in New Issue
Block a user