TRKJ/EdgeAdmin
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAdmin.git synced 2025-11-04 05:00:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
08af418665bbe54abebdcaf67da3f6d1dfc26d43
EdgeAdmin/internal/web/actions/default/index/index.go
GoEdgeLab 08af418665 登录页尝试使用csrf校验
2020-10-25 11:22:11 +08:00

139 lines
3.5 KiB
Go
Raw Blame History

package index
import (
"fmt"
"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
"github.com/TeaOSLab/EdgeAdmin/internal/setup"
"github.com/TeaOSLab/EdgeAdmin/internal/utils"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/types"
stringutil "github.com/iwind/TeaGo/utils/string"
"time"
)
type IndexAction struct {
actionutils.ParentAction
}
// 首页(登录页)
var TokenSalt = stringutil.Rand(32)
func (this *IndexAction) RunGet(params struct {
From string
Auth *helpers.UserShouldAuth
}) {
// 检查系统是否已经配置过
if !setup.IsConfigured() {
this.RedirectURL("/setup")
return
}
// 已登录跳转到dashboard
if params.Auth.IsUser() {
this.RedirectURL("/dashboard")
return
}
this.Data["isUser"] = false
this.Data["menu"] = "signIn"
timestamp := fmt.Sprintf("%d", time.Now().Unix())
this.Data["token"] = stringutil.Md5(TokenSalt+timestamp) + timestamp
this.Data["from"] = params.From
this.Show()
}
// 提交
func (this *IndexAction) RunPost(params struct {
Token string
Username string
Password string
Remember bool
Must *actions.Must
Auth *helpers.UserShouldAuth
CSRF *actionutils.CSRF
}) {
params.Must.
Field("username", params.Username).
Require("请输入用户名").
Field("password", params.Password).
Require("请输入密码")
if params.Password == stringutil.Md5("") {
this.FailField("password", "请输入密码")
}
// 检查token
if len(params.Token) <= 32 {
this.Fail("请通过登录页面登录")
}
timestampString := params.Token[32:]
if stringutil.Md5(TokenSalt+timestampString) != params.Token[:32] {
this.FailField("refresh", "登录页面已过期,请刷新后重试")
}
timestamp := types.Int64(timestampString)
if timestamp < time.Now().Unix()-1800 {
this.FailField("refresh", "登录页面已过期,请刷新后重试")
}
rpcClient, err := rpc.SharedRPC()
if err != nil {
this.Fail("服务器出了点小问题:" + err.Error())
}
resp, err := rpcClient.AdminRPC().LoginAdmin(rpcClient.Context(0), &pb.LoginAdminRequest{
Username: params.Username,
Password: params.Password,
})
if err != nil {
_, err = rpcClient.AdminRPC().CreateAdminLog(rpcClient.Context(0), &pb.CreateAdminLogRequest{
Level: oplogs.LevelError,
Description: "登录时发生系统错误:" + err.Error(),
Action: this.Request.URL.Path,
Ip: this.RequestRemoteIP(),
})
if err != nil {
utils.PrintError(err)
}
actionutils.Fail(this, err)
}
if !resp.IsOk {
_, err = rpcClient.AdminRPC().CreateAdminLog(rpcClient.Context(0), &pb.CreateAdminLogRequest{
Level: oplogs.LevelWarn,
Description: "登录失败,用户名:" + params.Username,
Action: this.Request.URL.Path,
Ip: this.RequestRemoteIP(),
})
if err != nil {
utils.PrintError(err)
}
this.Fail("请输入正确的用户名密码")
}
adminId := int(resp.AdminId)
params.Auth.StoreAdmin(adminId, params.Remember)
// 记录日志
_, err = rpcClient.AdminRPC().CreateAdminLog(rpcClient.Context(0), &pb.CreateAdminLogRequest{
Level: oplogs.LevelInfo,
Description: "成功登录系统,用户名:" + params.Username,
Action: this.Request.URL.Path,
Ip: this.RequestRemoteIP(),
})
if err != nil {
utils.PrintError(err)
}
this.Success()
}
Reference in New Issue View Git Blame Copy Permalink