fix: 拦截中间件数据改为实时获取 (#1213)

backend/app/service/setting.go

@@ -114,10 +114,6 @@ func (u *SettingService) Update(key, value string) error {
 		if err := settingRepo.Update("ExpirationTime", time.Now().AddDate(0, 0, timeout).Format("2006-01-02 15:04:05")); err != nil {
 			return err
 		}
-	case "BindDomain":
-		global.CONF.System.BindDomain = value
-	case "AllowIPs":
-		global.CONF.System.AllowIPs = value
 	case "TimeZone":
 		go func() {
 			_, err := cmd.Exec("systemctl restart 1panel.service")

backend/configs/system.go

@@ -21,6 +21,4 @@ type System struct {
 	IsDemo         bool   `mapstructure:"is_demo"`
 	AppRepo        string `mapstructure:"app_repo"`
 	ChangeUserInfo bool   `mapstructure:"change_user_info"`
-	AllowIPs       string `mapstructure:"allow_ips"`
-	BindDomain     string `mapstructure:"bind_domain"`
 }

backend/init/hook/hook.go

@@ -26,18 +26,6 @@ func Init() {
 	}
 	global.CONF.System.SSL = sslSetting.Value
 
-	ipsSetting, err := settingRepo.Get(settingRepo.WithByKey("AllowIPs"))
-	if err != nil {
-		global.LOG.Errorf("load allow ips from setting failed, err: %v", err)
-	}
-	global.CONF.System.AllowIPs = ipsSetting.Value
-
-	domainSetting, err := settingRepo.Get(settingRepo.WithByKey("BindDomain"))
-	if err != nil {
-		global.LOG.Errorf("load bind domain from setting failed, err: %v", err)
-	}
-	global.CONF.System.BindDomain = domainSetting.Value
-
 	if _, err := settingRepo.Get(settingRepo.WithByKey("SystemStatus")); err != nil {
 		_ = settingRepo.Create("SystemStatus", "Free")
 	}

backend/middleware/bind_domain.go

@@ -5,14 +5,20 @@ import (
 	"strings"
 
 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
+	"github.com/1Panel-dev/1Panel/backend/app/repo"
 	"github.com/1Panel-dev/1Panel/backend/constant"
-	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/gin-gonic/gin"
 )
 
 func BindDomain() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		if len(global.CONF.System.BindDomain) == 0 {
+		settingRepo := repo.NewISettingRepo()
+		status, err := settingRepo.Get(settingRepo.WithByKey("BindDomain"))
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrDomain, constant.ErrTypeInternalServer, err)
+			return
+		}
+		if len(status.Value) == 0 {
 			c.Next()
 			return
 		}
@@ -22,7 +28,7 @@ func BindDomain() gin.HandlerFunc {
 			domains = parts[0]
 		}
 
-		if domains != global.CONF.System.BindDomain {
+		if domains != status.Value {
 			helper.ErrorWithDetail(c, constant.CodeErrDomain, constant.ErrTypeInternalServer, errors.New("domain not allowed"))
 			return
 		}

backend/middleware/ip_limit.go

@@ -5,19 +5,26 @@ import (
 	"strings"
 
 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
+	"github.com/1Panel-dev/1Panel/backend/app/repo"
 	"github.com/1Panel-dev/1Panel/backend/constant"
-	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/gin-gonic/gin"
 )
 
 func WhiteAllow() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		if len(global.CONF.System.AllowIPs) == 0 {
+		settingRepo := repo.NewISettingRepo()
+		status, err := settingRepo.Get(settingRepo.WithByKey("AllowIPs"))
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrIP, constant.ErrTypeInternalServer, err)
+			return
+		}
+
+		if len(status.Value) == 0 {
 			c.Next()
 			return
 		}
 		clientIP := c.ClientIP()
-		for _, ip := range strings.Split(global.CONF.System.AllowIPs, ",") {
+		for _, ip := range strings.Split(status.Value, ",") {
 			if len(ip) != 0 && ip == clientIP {
 				c.Next()
 				return

frontend/src/lang/modules/en.ts

@@ -1003,7 +1003,7 @@ const message = {
             'After setting the authorized IP address, only the IP address in the setting can access the 1Panel service. Do you want to continue?',
         allowIPsHelper1: 'If the authorized IP address is empty, the authorized IP address is canceled',
         allowIPEgs:
-            'If multiple ip authorizations exist, newlines need to be displayed. For example, \n172.16.10.111 \n172.16.10.111',
+            'If multiple ip authorizations exist, newlines need to be displayed. For example, \n172.16.10.111 \n172.16.10.112',
         mfa: 'MFA',
         mfaAlert:
             'MFA password is generated based on the current time. Please ensure that the server time is synchronized.',

frontend/src/lang/modules/zh.ts

@@ -1016,7 +1016,7 @@ const message = {
         allowIPsHelper: '设置授权 IP 后，仅有设置中的 IP 可以访问 1Panel 服务',
         allowIPsWarnning: '设置授权 IP 后，仅有设置中的 IP 可以访问 1Panel 服务，是否继续？',
         allowIPsHelper1: '授权 IP 为空时，则取消授权 IP',
-        allowIPEgs: '当存在多个授权 IP 时，需要换行显示，例： \n172.16.10.111 \n172.16.10.111',
+        allowIPEgs: '当存在多个授权 IP 时，需要换行显示，例： \n172.16.10.111 \n172.16.10.112',
         mfa: '两步验证',
         mfaAlert: '两步验证密码是基于当前时间生成，请确保服务器时间已同步',
         mfaHelper: '开启后会验证手机应用验证码',

frontend/src/views/login/entrance/index.vue

@@ -56,11 +56,15 @@ const mySafetyCode = defineProps({
 
 const getStatus = async () => {
     isErr.value = true;
-    const res = await checkIsSafety(mySafetyCode.code);
+    let code = mySafetyCode.code;
+    if (code === 'err-ip' || code === 'err-domain') {
+        code = globalStore.entrance;
+    }
+    const res = await checkIsSafety(code);
     isErr.value = false;
     globalStore.entrance = '';
     if (res.data === 'disable') {
-        if (mySafetyCode.code === '') {
+        if (code === '') {
             isNotFound.value = false;
         } else {
             isNotFound.value = true;
@@ -73,7 +77,7 @@ const getStatus = async () => {
         return;
     }
     if (res.data === 'pass') {
-        globalStore.entrance = mySafetyCode.code;
+        globalStore.entrance = code;
     }
 };