-
Notifications
You must be signed in to change notification settings - Fork 39
/
user_should_auth.go
83 lines (69 loc) · 2.45 KB
/
user_should_auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
package helpers
import (
"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
"github.com/iwind/TeaGo/actions"
"net/http"
)
type UserShouldAuth struct {
action *actions.ActionObject
}
func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramName string) (goNext bool) {
if teaconst.IsRecoverMode {
actionPtr.Object().RedirectURL("/recover")
return false
}
this.action = actionPtr.Object()
// 检查请求是否合法
if isEvilRequest(this.action.Request) {
this.action.ResponseWriter.WriteHeader(http.StatusForbidden)
return false
}
// 检测注入
if !safeFilterRequest(this.action.Request) {
this.action.ResponseWriter.WriteHeader(http.StatusForbidden)
_, _ = this.action.ResponseWriter.Write([]byte("Denied By WAF"))
return false
}
// 安全相关
var action = this.action
securityConfig, _ := configloaders.LoadSecurityConfig()
if securityConfig == nil {
action.AddHeader("X-Frame-Options", "SAMEORIGIN")
} else if len(securityConfig.Frame) > 0 {
action.AddHeader("X-Frame-Options", securityConfig.Frame)
}
action.AddHeader("Content-Security-Policy", "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'")
// 检查IP
if !checkIP(securityConfig, loginutils.RemoteIP(action)) {
action.ResponseWriter.WriteHeader(http.StatusForbidden)
return false
}
// 检查请求
if !checkRequestSecurity(securityConfig, action.Request) {
action.ResponseWriter.WriteHeader(http.StatusForbidden)
return false
}
return true
}
// StoreAdmin 存储用户名到SESSION
func (this *UserShouldAuth) StoreAdmin(adminId int64, remember bool, localSid string) {
loginutils.SetCookie(this.action, remember)
var session = this.action.Session()
session.Write("adminId", numberutils.FormatInt64(adminId))
session.Write("@fingerprint", loginutils.CalculateClientFingerprint(this.action))
session.Write("@ip", loginutils.RemoteIP(this.action))
session.Write("@localSid", localSid)
}
func (this *UserShouldAuth) IsUser() bool {
return this.action.Session().GetInt("adminId") > 0
}
func (this *UserShouldAuth) AdminId() int {
return this.action.Session().GetInt("adminId")
}
func (this *UserShouldAuth) Logout() {
loginutils.UnsetCookie(this.action)
this.action.Session().Delete()
}