mirror of https://github.com/allinssl/allinssl
修改登录校验和初始化
zhangchenhao
parent
a286500c05
commit
a4bd40b08e
|
|
@ -24,7 +24,7 @@ func Sign(c *gin.Context) {
|
|||
}
|
||||
form.Username = strings.TrimSpace(form.Username)
|
||||
form.Code = strings.TrimSpace(form.Code)
|
||||
|
||||
|
||||
// 从数据库拿用户
|
||||
s, err := public.NewSqlite("data/data.db", "")
|
||||
if err != nil {
|
||||
|
|
@ -41,10 +41,10 @@ func Sign(c *gin.Context) {
|
|||
public.FailMsg(c, err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
session := sessions.Default(c)
|
||||
now := time.Now()
|
||||
|
||||
|
||||
loginErrCount := session.Get("__loginErrCount")
|
||||
loginErrEnd := session.Get("__loginErrEnd")
|
||||
ErrCount := 0
|
||||
|
|
@ -57,9 +57,9 @@ func Sign(c *gin.Context) {
|
|||
if __loginErrEnd, ok := loginErrEnd.(time.Time); ok {
|
||||
ErrEnd = __loginErrEnd
|
||||
}
|
||||
|
||||
|
||||
// fmt.Println(ErrCount, ErrEnd)
|
||||
|
||||
|
||||
// 判断登录错误次数
|
||||
switch {
|
||||
case ErrCount >= 5:
|
||||
|
|
@ -91,7 +91,7 @@ func Sign(c *gin.Context) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// 判断用户是否存在
|
||||
if len(res) == 0 {
|
||||
session.Set("__loginErrCount", ErrCount+1)
|
||||
|
|
@ -117,7 +117,7 @@ func Sign(c *gin.Context) {
|
|||
keyMd5 := md5.Sum([]byte(passwd))
|
||||
passwdMd5 := hex.EncodeToString(keyMd5[:])
|
||||
// fmt.Println(passwdMd5)
|
||||
|
||||
|
||||
if res[0]["password"] != passwdMd5 {
|
||||
session.Set("__loginErrCount", ErrCount+1)
|
||||
session.Set("__loginErrEnd", now)
|
||||
|
|
@ -128,12 +128,12 @@ func Sign(c *gin.Context) {
|
|||
public.FailMsg(c, "密码错误")
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
// session := sessions.Default(c)
|
||||
session.Set("__loginErrCount", 0)
|
||||
session.Delete("__loginErrEnd")
|
||||
session.Set("login", true)
|
||||
session.Set("__login_key", public.GetSettingIgnoreError("login_key"))
|
||||
session.Set("__login_key", public.LoginKey)
|
||||
_ = session.Save()
|
||||
// c.JSON(http.StatusOK, public.ResOK(0, nil, "登录成功"))
|
||||
// 设置cookie
|
||||
|
|
@ -145,7 +145,7 @@ func Sign(c *gin.Context) {
|
|||
func GetCode(c *gin.Context) {
|
||||
_, bs64, code, _ := public.GenerateCode()
|
||||
session := sessions.Default(c)
|
||||
|
||||
|
||||
session.Set("_verifyCode", code)
|
||||
_ = session.Save()
|
||||
public.SuccessData(c, bs64, 0)
|
||||
|
|
|
|||
|
|
@ -131,7 +131,7 @@ func Save(setting *Setting) error {
|
|||
return nil
|
||||
} else {
|
||||
if reload {
|
||||
s.Where("key = 'login_key'", []interface{}{}).Update(map[string]interface{}{"value": public.GenerateUUID()})
|
||||
public.LoginKey = public.GenerateUUID()
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ func SessionAuthMiddleware() gin.HandlerFunc {
|
|||
if checkApiKey(c) {
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
routePath := c.Request.URL.Path
|
||||
method := c.Request.Method
|
||||
paths := strings.Split(strings.TrimPrefix(routePath, "/"), "/")
|
||||
|
|
@ -34,7 +34,7 @@ func SessionAuthMiddleware() gin.HandlerFunc {
|
|||
now := time.Now()
|
||||
gob.Register(time.Time{})
|
||||
last := session.Get("lastRequestTime")
|
||||
|
||||
|
||||
if routePath == public.Secure {
|
||||
if session.Get("secure") == nil {
|
||||
// 访问安全入口,设置 session
|
||||
|
|
@ -97,13 +97,13 @@ func SessionAuthMiddleware() gin.HandlerFunc {
|
|||
c.Abort()
|
||||
return
|
||||
} else {
|
||||
if session.Get("__login_key") != public.GetSettingIgnoreError("login_key") {
|
||||
if session.Get("__login_key") != public.LoginKey {
|
||||
// session.Set("secure", true)
|
||||
session.Set("login", nil)
|
||||
session.Save()
|
||||
// c.JSON(http.StatusUnauthorized, gin.H{"message": "登录信息发生变化,请重新登录"})
|
||||
c.Redirect(http.StatusFound, "/login")
|
||||
// c.Abort()
|
||||
c.Abort()
|
||||
} else {
|
||||
// 访问正常,更新最后请求时间
|
||||
session.Set("lastRequestTime", now)
|
||||
|
|
@ -169,7 +169,7 @@ func checkApiKey(c *gin.Context) bool {
|
|||
func generateSignature(timestamp, apiKey string) string {
|
||||
keyMd5 := md5.Sum([]byte(apiKey))
|
||||
keyMd5Hex := strings.ToLower(hex.EncodeToString(keyMd5[:]))
|
||||
|
||||
|
||||
signMd5 := md5.Sum([]byte(timestamp + keyMd5Hex))
|
||||
signMd5Hex := strings.ToLower(hex.EncodeToString(signMd5[:]))
|
||||
return signMd5Hex
|
||||
|
|
|
|||
|
|
@ -178,7 +178,7 @@ func init() {
|
|||
);
|
||||
|
||||
`)
|
||||
insertDefaultData(db, "users", "INSERT INTO users (id, username, password, salt) VALUES (1, 'xxxx', 'xxxxxxx', '&*ghs^&%dag');")
|
||||
insertDefaultData(db, "users", "INSERT INTO users (id, username, password, salt) VALUES (1, 'admin', 'xxxxxxx', '&*ghs^&%dag');")
|
||||
insertDefaultData(db, "access_type", `
|
||||
INSERT INTO access_type (name, type) VALUES ('aliyun', 'dns');
|
||||
INSERT INTO access_type (name, type) VALUES ('tencentcloud', 'dns');
|
||||
|
|
@ -201,10 +201,9 @@ func init() {
|
|||
INSERT INTO settings (key, value, create_time, update_time, active, type) VALUES ( 'workflow_log_path', 'logs/workflows/', '2025-04-15 15:58', '2025-04-15 15:58', 1, null);
|
||||
INSERT INTO settings (key, value, create_time, update_time, active, type) VALUES ( 'timeout', '3600', '2025-04-15 15:58', '2025-04-15 15:58', 1, null);
|
||||
INSERT INTO settings (key, value, create_time, update_time, active, type) VALUES ( 'https', '0', '2025-04-15 15:58', '2025-04-15 15:58', 1, null);
|
||||
INSERT INTO settings (key, value, create_time, update_time, active, type) VALUES ( 'login_key', '%s', '2025-04-15 15:58', '2025-04-15 15:58', 1, null);
|
||||
INSERT INTO settings (key, value, create_time, update_time, active, type) VALUES ('session_key', '%s', '2025-04-15 15:58', '2025-04-15 15:58', 1, null);
|
||||
INSERT INTO settings (key, value, create_time, update_time, active, type) VALUES ('secure', '/%s', '2025-04-15 15:58', '2025-04-15 15:58', 1, null);
|
||||
INSERT INTO settings (key, value, create_time, update_time, active, type) VALUES ('port', '%d', '2025-04-15 15:58', '2025-04-15 15:58', 1, null);`, uuidStr, uuidStr, randomStr, port)
|
||||
INSERT INTO settings (key, value, create_time, update_time, active, type) VALUES ('port', '%d', '2025-04-15 15:58', '2025-04-15 15:58', 1, null);`, uuidStr, randomStr, port)
|
||||
|
||||
insertDefaultData(db, "settings", Isql)
|
||||
|
||||
|
|
|
|||
|
|
@ -6,11 +6,12 @@ var Port = GetSettingIgnoreError("port")
|
|||
var Secure = GetSettingIgnoreError("secure")
|
||||
var SessionKey = GetSettingIgnoreError("session_key")
|
||||
var LogPath = GetSettingIgnoreError("log_path")
|
||||
var LoginKey = GenerateUUID()
|
||||
var TimeOut = func() int {
|
||||
settingStr := GetSettingIgnoreError("timeout")
|
||||
setting, err := strconv.Atoi(settingStr)
|
||||
if err != nil {
|
||||
return 300
|
||||
return 3600
|
||||
}
|
||||
return setting
|
||||
}()
|
||||
|
|
@ -25,7 +26,7 @@ func ReloadConfig() {
|
|||
settingStr := GetSettingIgnoreError("timeout")
|
||||
setting, err := strconv.Atoi(settingStr)
|
||||
if err != nil {
|
||||
TimeOut = 300
|
||||
TimeOut = 3600
|
||||
} else {
|
||||
TimeOut = setting
|
||||
}
|
||||
|
|
|
|||
|
|
@ -121,7 +121,8 @@ func main() {
|
|||
fmt.Println(err)
|
||||
return
|
||||
}
|
||||
public.UpdateSetting("login_key", public.GenerateUUID())
|
||||
envVars["web"] = "restart"
|
||||
err = control()
|
||||
fmt.Println("用户名设置成功:", input)
|
||||
case "6":
|
||||
var input string
|
||||
|
|
@ -164,8 +165,8 @@ func main() {
|
|||
fmt.Println(err)
|
||||
return
|
||||
}
|
||||
public.UpdateSetting("login_key", public.GenerateUUID())
|
||||
|
||||
envVars["web"] = "restart"
|
||||
err = control()
|
||||
fmt.Println("密码设置成功:", input)
|
||||
case "7":
|
||||
var input string
|
||||
|
|
|
|||
Loading…
Reference in New Issue