perf: 修改 ALLOW_HOSTS

apps/common/utils/encode.py

@@ -45,7 +45,7 @@ class Signer(metaclass=Singleton):
 
     def sign(self, value):
         s = JSONWebSignatureSerializer(self.secret_key, algorithm_name='HS256')
-        return self.json_serializer.dumps(value).decode()
+        return s.dumps(value).decode()
 
     def unsign(self, value):
         if value is None:

apps/common/utils/timezone.py

@@ -1,21 +1,8 @@
-from datetime import datetime, timedelta, timezone
+from datetime import datetime, timedelta
 
-import pytz
 from django.utils import timezone as dj_timezone
 from rest_framework.fields import DateTimeField
 
-max = datetime.max.replace(tzinfo=timezone.utc)
-
-
-def astimezone(dt: datetime, tzinfo: pytz.tzinfo.DstTzInfo):
-    assert dj_timezone.is_aware(dt)
-    print("dt.tzinfo: ", tzinfo, type(tzinfo))
-    return tzinfo.normalize(dt.astimezone(tzinfo))
-
-
-def as_china_cst(dt: datetime):
-    return astimezone(dt, pytz.timezone('Asia/Shanghai'))
-
 
 def as_current_tz(dt: datetime):
     return dt.astimezone(dj_timezone.get_current_timezone())

apps/jumpserver/asgi.py

@@ -2,9 +2,9 @@ import os
 
 from channels.auth import AuthMiddlewareStack
 from channels.routing import ProtocolTypeRouter, URLRouter
-from channels.security.websocket import AllowedHostsOriginValidator
 from django.core.asgi import get_asgi_application
 
+from .middleware import WsSignatureAuthMiddleware
 from .routing import urlpatterns
 
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "jumpserver.settings")
@@ -13,7 +13,7 @@ application = ProtocolTypeRouter({
     "http": get_asgi_application(),
 
     # WebSocket chat handler
-    "websocket": AllowedHostsOriginValidator(
+    "websocket": WsSignatureAuthMiddleware(
         AuthMiddlewareStack(
             URLRouter(urlpatterns)
         )

apps/jumpserver/conf.py

@@ -514,6 +514,7 @@ class Config(dict):
         'TIME_ZONE': 'Asia/Shanghai',
         'FORCE_SCRIPT_NAME': '',
         'SESSION_COOKIE_SECURE': False,
+        'ALLOWED_HOSTS': '',
         'CSRF_COOKIE_SECURE': False,
         'REFERER_CHECK_ENABLED': False,
         'CSRF_TRUSTED_ORIGINS': '',

apps/jumpserver/settings/base.py

@@ -65,14 +65,22 @@ APPLET_DOWNLOAD_HOST = CONFIG.APPLET_DOWNLOAD_HOST
 # https://docs.djangoproject.com/en/4.1/ref/settings/
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
-# https://docs.djangoproject.com/en/4.1/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS
-CSRF_TRUSTED_ORIGINS = CONFIG.CSRF_TRUSTED_ORIGINS.split(',') if CONFIG.CSRF_TRUSTED_ORIGINS \
-    else ['https://*', 'https://.*', 'http://localhost:9528']
-
 # LOG LEVEL
 LOG_LEVEL = CONFIG.LOG_LEVEL
 
-ALLOWED_HOSTS = ['*']
+ALLOWED_HOSTS = CONFIG.ALLOWED_HOSTS.split(',') if CONFIG.ALLOWED_HOSTS else ['localhost', '127.0.0.1']
+
+# https://docs.djangoproject.com/en/4.1/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS
+CSRF_TRUSTED_ORIGINS = []
+for origin in ALLOWED_HOSTS:
+    # 避免错误 先判断一下吧
+    if origin.startswith('http'):
+        CSRF_TRUSTED_ORIGINS.append(origin)
+        continue
+    if origin.startswith('.'):
+        origin = '*.'
+    for schema in ['https', 'http']:
+        CSRF_TRUSTED_ORIGINS.append('{}://{}'.format(schema, origin))
 
 # Max post update field num
 DATA_UPLOAD_MAX_NUMBER_FIELDS = 10000