parent
91f1280f97
commit
82de636b5c
|
@ -269,7 +269,10 @@ class Config(dict):
|
|||
'TIME_ZONE': 'Asia/Shanghai',
|
||||
'CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED': True,
|
||||
'USER_LOGIN_SINGLE_MACHINE_ENABLED': False,
|
||||
'TICKETS_ENABLED': True
|
||||
'TICKETS_ENABLED': True,
|
||||
'SESSION_COOKIE_SECURE': False,
|
||||
'CSRF_COOKIE_SECURE': False,
|
||||
'REFERER_CHECK_ENABLED': False,
|
||||
}
|
||||
|
||||
def compatible_auth_openid_of_key(self):
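Review bot: `SESSION_COOKIE_SECURE`, `CSRF_COOKIE_SECURE` and `REFERER_CHECK_ENABLED` all default to False, so a fresh deployment served over HTTPS still issues session and CSRF cookies without the Secure attribute and gets no Referer check unless the operator discovers and flips three separate keys. Since these are opt-in rather than secure-by-default, at least document them where the defaults are declared, e.g. `# Set SESSION_COOKIE_SECURE / CSRF_COOKIE_SECURE to True for any HTTPS deployment; False lets the browser send both cookies over plain HTTP` and `# REFERER_CHECK_ENABLED adds a same-host Referer check on top of Django's own CSRF protection`. The Config class this defaults dict belongs to starts outside the hunk.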
|
||||
|
|
|
@ -3,9 +3,11 @@
|
|||
import os
|
||||
import re
|
||||
import pytz
|
||||
from django.core.exceptions import MiddlewareNotUsed
|
||||
from django.utils import timezone
|
||||
from django.shortcuts import HttpResponse
|
||||
from django.conf import settings
|
||||
from django.http.response import HttpResponseForbidden
|
||||
|
||||
from .utils import set_current_request
|
||||
|
||||
|
@ -61,7 +63,31 @@ class RequestMiddleware:
|
|||
set_current_request(request)
|
||||
response = self.get_response(request)
|
||||
is_request_api = request.path.startswith('/api')
|
||||
if not settings.SESSION_EXPIRE_AT_BROWSER_CLOSE and not is_request_api:
|
||||
if not settings.SESSION_EXPIRE_AT_BROWSER_CLOSE and \
|
||||
not is_request_api:
|
||||
age = request.session.get_expiry_age()
|
||||
request.session.set_expiry(age)
|
||||
return response
|
||||
|
||||
|
||||
class RefererCheckMiddleware:
|
||||
def __init__(self, get_response):
|
||||
if not settings.REFERER_CHECK_ENABLED:
|
||||
raise MiddlewareNotUsed
|
||||
self.get_response = get_response
|
||||
self.http_pattern = re.compile('https?://')
|
||||
|
||||
def check_referer(self, request):
|
||||
referer = request.META.get('HTTP_REFERER', '')
|
||||
referer = self.http_pattern.sub('', referer)
|
||||
if not referer:
|
||||
return True
|
||||
remote_host = request.get_host()
|
||||
return referer.startswith(remote_host)
|
||||
|
||||
def __call__(self, request):
|
||||
match = self.check_referer(request)
|
||||
if not match:
|
||||
return HttpResponseForbidden('CSRF CHECK ERROR')
|
||||
response = self.get_response(request)
|
||||
return response
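Review bot: `check_referer` accepts any Referer whose scheme-stripped form merely starts with the request host, so with host `example.com` a request sent from `https://example.com.evil.net/` or `https://example.com@evil.net/` passes the check — the comparison has to be against the Referer's whole host[:port], not a prefix. Replace the last two lines with `referer_host = self.http_pattern.sub('', referer, count=1).split('/', 1)[0]` and `return referer_host == request.get_host()` (or parse with `urllib.parse.urlsplit` and compare `netloc`). The check also passes when the Referer header is absent, which a cross-site page can arrange with a `no-referrer` referrer policy, so it should be treated as defence in depth alongside Django's CsrfViewMiddleware rather than a replacement, and the `'CSRF CHECK ERROR'` message should not suggest otherwise. As written it runs for every method, so once the option is enabled any legitimate link into the UI from another site is rejected with 403; restricting it to unsafe methods (`if request.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE')`) avoids that without weakening the CSRF purpose. RequestMiddleware's `__call__` starts before this hunk.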
|
||||
|
|
|
@ -81,6 +81,7 @@ MIDDLEWARE = [
|
|||
'jumpserver.middleware.TimezoneMiddleware',
|
||||
'jumpserver.middleware.DemoMiddleware',
|
||||
'jumpserver.middleware.RequestMiddleware',
|
||||
'jumpserver.middleware.RefererCheckMiddleware',
|
||||
'orgs.middleware.OrgMiddleware',
|
||||
]
|
||||
|
||||
|
@ -245,6 +246,6 @@ CACHES = {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
FORCE_SCRIPT_NAME = CONFIG.FORCE_SCRIPT_NAME
|
||||
|
||||
SESSION_COOKIE_SECURE = CONFIG.SESSION_COOKIE_SECURE
|
||||
CSRF_COOKIE_SECURE = CONFIG.CSRF_COOKIE_SECURE
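Review bot: `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` are now operator-controlled but nothing here documents the failure mode: with either set to True on a deployment that users reach over plain HTTP (including a proxy that terminates TLS but forwards nothing), the browser never returns the cookie, so logins do not stick and CSRF validation rejects every POST. Add `# Must be True whenever users reach the site over HTTPS; on an HTTP-only deployment a True value makes login impossible because the browser withholds Secure cookies.` above the two assignments. Whether TLS termination at a proxy is surfaced to Django via SECURE_PROXY_SSL_HEADER is not visible in this hunk, so that interaction is worth confirming separately.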
|
||||
|
|
|
@ -105,3 +105,4 @@ CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED = CONFIG.CHANGE_AUTH_PLAN_SECURE_MODE_ENABL
|
|||
DATETIME_DISPLAY_FORMAT = '%Y-%m-%d %H:%M:%S'
|
||||
|
||||
TICKETS_ENABLED = CONFIG.TICKETS_ENABLED
|
||||
REFERER_CHECK_ENABLED = CONFIG.REFERER_CHECK_ENABLED
|
||||
|
|