perf: 修改 ALLOW_HOSTS

2023-07-24 15:32:30 +08:00 · 2023-07-24 15:32:30 +08:00 · d8d487f770
parent e3aaba4798
commit d8d487f770
5 changed files with 18 additions and 22 deletions
--- a/apps/common/utils/encode.py
+++ b/apps/common/utils/encode.py
@ -45,7 +45,7 @@ class Signer(metaclass=Singleton):

    def sign(self, value):
        s = JSONWebSignatureSerializer(self.secret_key, algorithm_name='HS256')
-        return self.json_serializer.dumps(value).decode()
+        return s.dumps(value).decode()

    def unsign(self, value):
        if value is None:
--- a/apps/common/utils/timezone.py
+++ b/apps/common/utils/timezone.py
@ -1,21 +1,8 @@
-from datetime import datetime, timedelta, timezone
+from datetime import datetime, timedelta

-import pytz
 from django.utils import timezone as dj_timezone
 from rest_framework.fields import DateTimeField

-max = datetime.max.replace(tzinfo=timezone.utc)
-
-
-def astimezone(dt: datetime, tzinfo: pytz.tzinfo.DstTzInfo):
-    assert dj_timezone.is_aware(dt)
-    print("dt.tzinfo: ", tzinfo, type(tzinfo))
-    return tzinfo.normalize(dt.astimezone(tzinfo))
-
-
-def as_china_cst(dt: datetime):
-    return astimezone(dt, pytz.timezone('Asia/Shanghai'))
-

 def as_current_tz(dt: datetime):
    return dt.astimezone(dj_timezone.get_current_timezone())
--- a/apps/jumpserver/asgi.py
+++ b/apps/jumpserver/asgi.py
@ -2,9 +2,9 @@ import os

 from channels.auth import AuthMiddlewareStack
 from channels.routing import ProtocolTypeRouter, URLRouter
-from channels.security.websocket import AllowedHostsOriginValidator
 from django.core.asgi import get_asgi_application

+from .middleware import WsSignatureAuthMiddleware
 from .routing import urlpatterns

 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "jumpserver.settings")
@ -13,7 +13,7 @@ application = ProtocolTypeRouter({
    "http": get_asgi_application(),

    # WebSocket chat handler
-    "websocket": AllowedHostsOriginValidator(
+    "websocket": WsSignatureAuthMiddleware(
        AuthMiddlewareStack(
            URLRouter(urlpatterns)
        )
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@ -514,6 +514,7 @@ class Config(dict):
        'TIME_ZONE': 'Asia/Shanghai',
        'FORCE_SCRIPT_NAME': '',
        'SESSION_COOKIE_SECURE': False,
+        'ALLOWED_HOSTS': '',
        'CSRF_COOKIE_SECURE': False,
        'REFERER_CHECK_ENABLED': False,
        'CSRF_TRUSTED_ORIGINS': '',
--- a/apps/jumpserver/settings/base.py
+++ b/apps/jumpserver/settings/base.py
@ -65,14 +65,22 @@ APPLET_DOWNLOAD_HOST = CONFIG.APPLET_DOWNLOAD_HOST
 # https://docs.djangoproject.com/en/4.1/ref/settings/
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

-# https://docs.djangoproject.com/en/4.1/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS
-CSRF_TRUSTED_ORIGINS = CONFIG.CSRF_TRUSTED_ORIGINS.split(',') if CONFIG.CSRF_TRUSTED_ORIGINS \
-    else ['https://*', 'https://.*', 'http://localhost:9528']
-
 # LOG LEVEL
 LOG_LEVEL = CONFIG.LOG_LEVEL

-ALLOWED_HOSTS = ['*']
+ALLOWED_HOSTS = CONFIG.ALLOWED_HOSTS.split(',') if CONFIG.ALLOWED_HOSTS else ['localhost', '127.0.0.1']
+
+# https://docs.djangoproject.com/en/4.1/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS
+CSRF_TRUSTED_ORIGINS = []
+for origin in ALLOWED_HOSTS:
+    # 避免错误 先判断一下吧
+    if origin.startswith('http'):
+        CSRF_TRUSTED_ORIGINS.append(origin)
+        continue
+    if origin.startswith('.'):
+        origin = '*.'
+    for schema in ['https', 'http']:
+        CSRF_TRUSTED_ORIGINS.append('{}://{}'.format(schema, origin))

 # Max post update field num
 DATA_UPLOAD_MAX_NUMBER_FIELDS = 10000