使用本地SID二次校验增强管理系统安全性

GoEdgeLab
2024-04-08 10:24:10 +08:00
parent af4d19ee5a
commit fcd69a4e65
12 changed files with 195 additions and 24 deletions


@@ -200,18 +200,22 @@ func (this *userMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
}
// 检查区域
if securityConfig != nil && securityConfig.CheckClientRegion {
var oldClientIP = session.GetString("@ip")
var currentClientIP = loginutils.RemoteIP(action)
if len(oldClientIP) > 0 && len(currentClientIP) > 0 && oldClientIP != currentClientIP {
var oldRegion = loginutils.LookupIPRegion(oldClientIP)
var newRegion = loginutils.LookupIPRegion(currentClientIP)
if newRegion != oldRegion {
var oldClientIP = session.GetString("@ip")
var currentClientIP = loginutils.RemoteIP(action)
if len(oldClientIP) > 0 && len(currentClientIP) > 0 && oldClientIP != currentClientIP {
var oldRegion = loginutils.LookupIPRegion(oldClientIP)
var newRegion = loginutils.LookupIPRegion(currentClientIP)
if newRegion != oldRegion {
if securityConfig != nil && securityConfig.CheckClientRegion {
loginutils.UnsetCookie(action)
session.Delete()
this.login(action)
return false
} else {
// TODO 考虑IP变化时也需要验证主要是考虑被反向代理的情形
action.RedirectURL("/login/validate?from=" + url.QueryEscape(action.Request.URL.String()))
return false
}
}
}
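Review bot: The new else branch puts the request-derived `action.Request.URL.String()` into the `from` parameter of `/login/validate`, and nothing in this hunk restricts where that value can later send the browser. The handler for `/login/validate` is not shown here, so it should be confirmed that it follows `from` only when it is a local path (a single leading `/`, no scheme or host, not `//`); on this side, passing `action.Request.URL.RequestURI()` instead of `String()` keeps any scheme and host out of the value. The branch also leaves the session's `@ip` unchanged, so unless the validate flow refreshes it, the same region mismatch would presumably redirect again on every later request. A comment above the else body such as `// region changed but CheckClientRegion is off: require local SID re-validation instead of logging out` would document the intent; BeforeAction starts and continues outside this hunk.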