mirror of
https://github.com/1Panel-dev/1Panel.git
synced 2025-12-11 04:46:12 +08:00
fix: optimize IP whitelist validation logic (#11183)
Some checks failed
SonarCloud Scan / SonarCloud (push) Failing after 7s
Some checks failed
SonarCloud Scan / SonarCloud (push) Failing after 7s
This commit is contained in:
ssongliu
GitHub
parent
4ac490c6b4
commit
dc8c50c07a
3 changed files with 27 additions and 5 deletions
|
|
@ -3,14 +3,15 @@ package router
|
|||
import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"github.com/1Panel-dev/1Panel/backend/app/service"
|
||||
"github.com/1Panel-dev/1Panel/backend/constant"
|
||||
"github.com/1Panel-dev/1Panel/cmd/server/res"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/1Panel-dev/1Panel/backend/app/service"
|
||||
"github.com/1Panel-dev/1Panel/backend/constant"
|
||||
"github.com/1Panel-dev/1Panel/cmd/server/res"
|
||||
|
||||
"github.com/1Panel-dev/1Panel/backend/global"
|
||||
"github.com/1Panel-dev/1Panel/backend/i18n"
|
||||
"github.com/1Panel-dev/1Panel/backend/middleware"
|
||||
|
|
@ -160,7 +161,7 @@ func setWebStatic(rootRouter *gin.RouterGroup) {
|
|||
}
|
||||
|
||||
func Routers() *gin.Engine {
|
||||
Router = gin.Default()
|
||||
Router = gin.New()
|
||||
Router.Use(middleware.OperationLog())
|
||||
// Router.Use(middleware.CSRF())
|
||||
// Router.Use(middleware.LoadCsrfToken())
|
||||
|
|
|
|||
|
|
@ -8,11 +8,17 @@ import (
|
|||
"github.com/1Panel-dev/1Panel/backend/app/repo"
|
||||
"github.com/1Panel-dev/1Panel/backend/constant"
|
||||
"github.com/1Panel-dev/1Panel/backend/global"
|
||||
"github.com/1Panel-dev/1Panel/backend/utils/common"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func WhiteAllow() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
clientIP := common.GetRealClientIP(c)
|
||||
if common.IsPrivateIP(clientIP) {
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
settingRepo := repo.NewISettingRepo()
|
||||
status, err := settingRepo.Get(settingRepo.WithByKey("AllowIPs"))
|
||||
if err != nil {
|
||||
|
|
@ -24,7 +30,6 @@ func WhiteAllow() gin.HandlerFunc {
|
|||
c.Next()
|
||||
return
|
||||
}
|
||||
clientIP := c.ClientIP()
|
||||
for _, ip := range strings.Split(status.Value, ",") {
|
||||
if len(ip) == 0 {
|
||||
continue
|
||||
|
|
|
|||
|
|
@ -426,3 +426,19 @@ func HandleIPList(content string) ([]string, error) {
|
|||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func GetRealClientIP(c *gin.Context) string {
|
||||
addr := c.Request.RemoteAddr
|
||||
if ip, _, err := net.SplitHostPort(addr); err == nil {
|
||||
return ip
|
||||
}
|
||||
return addr
|
||||
}
|
||||
|
||||
func IsPrivateIP(ipStr string) bool {
|
||||
ip := net.ParseIP(ipStr)
|
||||
if ip == nil {
|
||||
return false
|
||||
}
|
||||
return ip.IsPrivate() || ip.IsLoopback()
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue