gh_mirrors/1Panel
1
0
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-01-19 08:19:15 +08:00
Code

fix: 登陆接口增加安全入口校验 (#2199)

Browse Source
This commit is contained in:
ssongliu 2023-09-06 15:00:12 +08:00 committed by GitHub
parent 278fac6d80
commit df5a1b3e40
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 110 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
backend/app/api/v1/auth.go
View File

@ -1,6 +1,8 @@
package v1
import (
"encoding/base64"
"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
"github.com/1Panel-dev/1Panel/backend/app/dto"
"github.com/1Panel-dev/1Panel/backend/app/model"
@ -20,6 +22,7 @@ type BaseApi struct{}
// @Param request body dto.Login true "request"
// @Success 200 {object} dto.UserLoginInfo
// @Router /auth/login [post]
// @Header 200 {string} EntranceCode "安全入口"
func (b *BaseApi) Login(c *gin.Context) {
var req dto.Login
if err := c.ShouldBindJSON(&req); err != nil {
@ -32,8 +35,13 @@ func (b *BaseApi) Login(c *gin.Context) {
return
}
}
entranceItem := c.Request.Header.Get("EntranceCode")
var entrance []byte
if len(entranceItem) != 0 {
entrance, _ = base64.StdEncoding.DecodeString(entranceItem)
}
user, err := authService.Login(c, req)
user, err := authService.Login(c, req, string(entrance))
go saveLoginLogs(c, err)
if err != nil {
helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
@ -49,6 +57,7 @@ func (b *BaseApi) Login(c *gin.Context) {
// @Param request body dto.MFALogin true "request"
// @Success 200 {object} dto.UserLoginInfo
// @Router /auth/mfalogin [post]
// @Header 200 {string} EntranceCode "安全入口"
func (b *BaseApi) MFALogin(c *gin.Context) {
var req dto.MFALogin
if err := c.ShouldBindJSON(&req); err != nil {
@ -59,8 +68,13 @@ func (b *BaseApi) MFALogin(c *gin.Context) {
helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
return
}
entranceItem := c.Request.Header.Get("EntranceCode")
var entrance []byte
if len(entranceItem) != 0 {
entrance, _ = base64.StdEncoding.DecodeString(entranceItem)
}
user, err := authService.MFALogin(c, req)
user, err := authService.MFALogin(c, req, string(entrance))
if err != nil {
helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
return

24
backend/app/service/auth.go
View File

@ -4,6 +4,7 @@ import (
"strconv"
"github.com/1Panel-dev/1Panel/backend/app/dto"
"github.com/1Panel-dev/1Panel/backend/buserr"
"github.com/1Panel-dev/1Panel/backend/constant"
"github.com/1Panel-dev/1Panel/backend/global"
"github.com/1Panel-dev/1Panel/backend/utils/encrypt"
@ -19,16 +20,16 @@ type AuthService struct{}
type IAuthService interface {
CheckIsSafety(code string) (string, error)
VerifyCode(code string) (bool, error)
Login(c *gin.Context, info dto.Login) (*dto.UserLoginInfo, error)
Login(c *gin.Context, info dto.Login, entrance string) (*dto.UserLoginInfo, error)
LogOut(c *gin.Context) error
MFALogin(c *gin.Context, info dto.MFALogin) (*dto.UserLoginInfo, error)
MFALogin(c *gin.Context, info dto.MFALogin, entrance string) (*dto.UserLoginInfo, error)
}
func NewIAuthService() IAuthService {
return &AuthService{}
}
func (u *AuthService) Login(c *gin.Context, info dto.Login) (*dto.UserLoginInfo, error) {
func (u *AuthService) Login(c *gin.Context, info dto.Login, entrance string) (*dto.UserLoginInfo, error) {
nameSetting, err := settingRepo.Get(settingRepo.WithByKey("UserName"))
if err != nil {
return nil, errors.WithMessage(constant.ErrRecordNotFound, err.Error())
@ -44,6 +45,13 @@ func (u *AuthService) Login(c *gin.Context, info dto.Login) (*dto.UserLoginInfo,
if info.Password != pass || nameSetting.Value != info.Name {
return nil, constant.ErrAuth
}
entranceSetting, err := settingRepo.Get(settingRepo.WithByKey("SecurityEntrance"))
if err != nil {
return nil, err
}
if len(entranceSetting.Value) != 0 && entranceSetting.Value != entrance {
return nil, buserr.New(constant.ErrEntrance)
}
mfa, err := settingRepo.Get(settingRepo.WithByKey("MFAStatus"))
if err != nil {
return nil, err
@ -57,7 +65,7 @@ func (u *AuthService) Login(c *gin.Context, info dto.Login) (*dto.UserLoginInfo,
return u.generateSession(c, info.Name, info.AuthMethod)
}
func (u *AuthService) MFALogin(c *gin.Context, info dto.MFALogin) (*dto.UserLoginInfo, error) {
func (u *AuthService) MFALogin(c *gin.Context, info dto.MFALogin, entrance string) (*dto.UserLoginInfo, error) {
nameSetting, err := settingRepo.Get(settingRepo.WithByKey("UserName"))
if err != nil {
return nil, errors.WithMessage(constant.ErrRecordNotFound, err.Error())
@ -73,7 +81,13 @@ func (u *AuthService) MFALogin(c *gin.Context, info dto.MFALogin) (*dto.UserLogi
if info.Password != pass || nameSetting.Value != info.Name {
return nil, constant.ErrAuth
}
entranceSetting, err := settingRepo.Get(settingRepo.WithByKey("SecurityEntrance"))
if err != nil {
return nil, err
}
if len(entranceSetting.Value) != 0 && entranceSetting.Value != entrance {
return nil, buserr.New(constant.ErrEntrance)
}
mfaSecret, err := settingRepo.Get(settingRepo.WithByKey("MFASecret"))
if err != nil {
return nil, err

1
backend/constant/errs.go
View File

@ -124,4 +124,5 @@ var (
var (
ErrBackupInUsed = "ErrBackupInUsed"
ErrOSSConn = "ErrOSSConn"
ErrEntrance = "ErrEntrance"
)

1
backend/i18n/lang/en.yaml
View File

@ -104,6 +104,7 @@ ErrDelWithWebsite: "The operating environment has been associated with a website
#setting
ErrBackupInUsed: "The backup account is already being used in a cronjob and cannot be deleted."
ErrOSSConn: "Unable to successfully request the latest version. Please check if the server can connect to the external network environment."
ErrEntrance: "Security entrance information error. Please check and try again!"
#tool
ErrConfigNotFound: "Configuration file does not exist"

1
backend/i18n/lang/zh-Hant.yaml
View File

@ -104,6 +104,7 @@ ErrDelWithWebsite: "運行環境已經關聯網站,無法刪除"
#setting
ErrBackupInUsed: "該備份帳號已在計劃任務中使用,無法刪除"
ErrOSSConn: "無法成功請求最新版本,請檢查伺服器是否能夠連接到外部網絡環境。"
ErrEntrance: "安全入口信息錯誤,請檢查後重試!"
#tool
ErrConfigNotFound: "配置文件不存在"

1
backend/i18n/lang/zh.yaml
View File

@ -104,6 +104,7 @@ ErrDelWithWebsite: "运行环境已经关联网站,无法删除"
#setting
ErrBackupInUsed: "该备份账号已在计划任务中使用,无法删除"
ErrOSSConn: "无法成功请求最新版本,请检查服务器是否能够连接到外部网络环境。"
ErrEntrance: "安全入口信息错误,请检查后重试!"
#tool
ErrConfigNotFound: "配置文件不存在"

28
cmd/server/docs/docs.go
View File

@ -1,5 +1,5 @@
// Package docs GENERATED BY SWAG; DO NOT EDIT
// This file was generated by swaggo/swag
// Code generated by swaggo/swag. DO NOT EDIT.
package docs
import "github.com/swaggo/swag"
@ -956,6 +956,12 @@ const docTemplate = `{
"description": "OK",
"schema": {
"$ref": "#/definitions/dto.UserLoginInfo"
},
"headers": {
"EntranceCode": {
"type": "string",
"description": "安全入口"
}
}
}
}
@ -1006,6 +1012,12 @@ const docTemplate = `{
"description": "OK",
"schema": {
"$ref": "#/definitions/dto.UserLoginInfo"
},
"headers": {
"EntranceCode": {
"type": "string",
"description": "安全入口"
}
}
}
}
@ -14925,6 +14937,9 @@ const docTemplate = `{
"extension": {
"type": "string"
},
"gid": {
"type": "string"
},
"group": {
"type": "string"
},
@ -14970,6 +14985,9 @@ const docTemplate = `{
"type": {
"type": "string"
},
"uid": {
"type": "string"
},
"updateTime": {
"type": "string"
},
@ -17313,6 +17331,9 @@ const docTemplate = `{
"extension": {
"type": "string"
},
"gid": {
"type": "string"
},
"group": {
"type": "string"
},
@ -17358,6 +17379,9 @@ const docTemplate = `{
"type": {
"type": "string"
},
"uid": {
"type": "string"
},
"updateTime": {
"type": "string"
},

24
cmd/server/docs/swagger.json
View File

@ -949,6 +949,12 @@
"description": "OK",
"schema": {
"$ref": "#/definitions/dto.UserLoginInfo"
},
"headers": {
"EntranceCode": {
"type": "string",
"description": "安全入口"
}
}
}
}
@ -999,6 +1005,12 @@
"description": "OK",
"schema": {
"$ref": "#/definitions/dto.UserLoginInfo"
},
"headers": {
"EntranceCode": {
"type": "string",
"description": "安全入口"
}
}
}
}
@ -14918,6 +14930,9 @@
"extension": {
"type": "string"
},
"gid": {
"type": "string"
},
"group": {
"type": "string"
},
@ -14963,6 +14978,9 @@
"type": {
"type": "string"
},
"uid": {
"type": "string"
},
"updateTime": {
"type": "string"
},
@ -17306,6 +17324,9 @@
"extension": {
"type": "string"
},
"gid": {
"type": "string"
},
"group": {
"type": "string"
},
@ -17351,6 +17372,9 @@
"type": {
"type": "string"
},
"uid": {
"type": "string"
},
"updateTime": {
"type": "string"
},

16
cmd/server/docs/swagger.yaml
View File

@ -2177,6 +2177,8 @@ definitions:
type: string
extension:
type: string
gid:
type: string
group:
type: string
isDir:
@ -2207,6 +2209,8 @@ definitions:
type: integer
type:
type: string
uid:
type: string
updateTime:
type: string
user:
@ -3778,6 +3782,8 @@ definitions:
type: string
extension:
type: string
gid:
type: string
group:
type: string
isDir:
@ -3808,6 +3814,8 @@ definitions:
type: integer
type:
type: string
uid:
type: string
updateTime:
type: string
user:
@ -4620,6 +4628,10 @@ paths:
responses:
"200":
description: OK
headers:
EntranceCode:
description: 安全入口
type: string
schema:
$ref: '#/definitions/dto.UserLoginInfo'
summary: User login
@ -4651,6 +4663,10 @@ paths:
responses:
"200":
description: OK
headers:
EntranceCode:
description: 安全入口
type: string
schema:
$ref: '#/definitions/dto.UserLoginInfo'
summary: User login with mfa

5
frontend/src/api/index.ts
View File

@ -5,6 +5,7 @@ import { checkStatus } from './helper/check-status';
import router from '@/routers';
import { GlobalStore } from '@/store';
import { MsgError } from '@/utils/message';
import { Base64 } from 'js-base64';
const globalStore = GlobalStore();
@ -25,6 +26,10 @@ class RequestHttp {
'Accept-Language': language,
...config.headers,
};
if (config.url === '/auth/login' || config.url === '/auth/mfalogin') {
let entrace = Base64.encode(globalStore.entrance);
config.headers.EntranceCode = entrace;
}
return {
...config,
};