A add security setting

pull/223/head
vapao 2020-11-07 13:40:55 +08:00
parent 808a442ee7
commit 658bc3be7b
4 changed files with 58 additions and 11 deletions


@ -7,7 +7,7 @@ from django.db.models import F
from libs import JsonParser, Argument, human_datetime, json_response
from libs.utils import get_request_real_ip
from apps.account.models import User, Role, History
from apps.setting.models import Setting
from apps.setting.utils import AppSetting
from libs.ldap import LDAP
import ipaddress
import time
@ -164,7 +164,7 @@ def login(request):
if user and not user.is_active:
return json_response(error="账户已被系统禁用")
if form.type == 'ldap':
if not Setting.objects.filter(key='ldap_service').exists():
if not AppSetting.get_default('ldap_service'):
return json_response(error='请在系统设置中配置LDAP后再尝试通过该方式登录')
ldap = LDAP()
is_success, message = ldap.valid_user(form.username, form.password)
@ -199,11 +199,12 @@ def handle_user_info(user, x_real_ip):
user.last_ip = x_real_ip
user.save()
History.objects.create(user=user, ip=x_real_ip)
verify_ip = AppSetting.get_default('verify_ip', 'True') == 'True'
return json_response({
'access_token': user.access_token,
'nickname': user.nickname,
'is_supper': user.is_supper,
'has_real_ip': x_real_ip and ipaddress.ip_address(x_real_ip).is_global,
'has_real_ip': x_real_ip and ipaddress.ip_address(x_real_ip).is_global if verify_ip else True,
'host_perms': [] if user.is_supper else user.host_perms,
'permissions': [] if user.is_supper else user.page_perms
})
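Review bot: The new `verify_ip` lookup in handle_user_info fails open, because the check is enabled only when the stored value is exactly `'True'`, whereas the settings page added in this commit treats everything except `'False'` as enabled. That page posts the Switch's boolean, and how the backend serialises it is not visible here, so a stored `true` or `'true'` would silently turn the real-IP check off while the UI still shows it on. Comparing against the disabling value keeps the check on for unknown values: `verify_ip = AppSetting.get_default('verify_ip', 'True') != 'False'`. Parenthesising the `has_real_ip` expression as `(x_real_ip and ipaddress.ip_address(x_real_ip).is_global) if verify_ip else True` would also make the precedence explicit. handle_user_info starts outside the hunk.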


@ -6,7 +6,7 @@ from apps.setting.models import Setting
class AppSetting:
keys = ('public_key', 'private_key', 'mail_service', 'api_key', 'spug_key', 'ldap_service')
keys = ('public_key', 'private_key', 'mail_service', 'api_key', 'spug_key', 'ldap_service', 'verify_ip')
@classmethod
@lru_cache(maxsize=64)


@ -0,0 +1,43 @@
/**
* Copyright (c) OpenSpug Organization. https://github.com/openspug/spug
* Copyright (c) <spug.dev@gmail.com>
* Released under the AGPL-3.0 License.
*/
import React from 'react';
import { observer } from 'mobx-react';
import { Form, Switch, message } from 'antd';
import styles from './index.module.css';
import http from 'libs/http';
import store from './store';
import lds from 'lodash';
export default observer(function () {
function handleChangeVerifyIP(v) {
lds.set(store.settings, 'verify_ip.value', v);
http.post('/api/setting/', {data: [{key: 'verify_ip', value: v}]})
.then(() => {
message.success('设置成功');
store.fetchSettings()
})
}
const checked = lds.get(store.settings, 'verify_ip.value') !== 'False'
return (
<React.Fragment>
<div className={styles.title}>安全设置</div>
<Form style={{maxWidth: 500}}>
<Form.Item
label="访问IP校验"
help="建议开启校验是否获取了真实的访问者IP防止因为增加的反向代理层导致基于IP的安全策略失效当校验失败时会在登录时弹窗提醒。如果你在内网部署且仅在内网使用可以关闭该特性。">
<Switch
checkedChildren="开启"
unCheckedChildren="关闭"
onChange={handleChangeVerifyIP}
checked={checked} />
</Form.Item>
</Form>
</React.Fragment>
)
})
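Review bot: handleChangeVerifyIP writes the Switch's boolean into `store.settings` before the POST, but `checked` compares against the string `'False'`, so after switching off the store holds `false`, `false !== 'False'` is true, and the switch renders as on until `fetchSettings` returns. There is also no rejection path, so if the POST fails the optimistic value stays in the store and the page can show a state for this security control that the server never saved. Writing the store only after success, in the string form both readers compare against, and refetching in every case avoids both problems. Whether the server expects a boolean or a string for `value` is not visible here and should be confirmed before changing the request body.

```javascript
function handleChangeVerifyIP(v) {
  http.post('/api/setting/', {data: [{key: 'verify_ip', value: v}]})
    .then(() => {
      // Store the string form that `checked` and the login handler compare against.
      lds.set(store.settings, 'verify_ip.value', v ? 'True' : 'False');
      message.success('设置成功');
    })
    // Refetch on success and on failure so the switch always shows the saved state.
    .finally(() => store.fetchSettings())
}
// … unchanged: `checked` computation and the rendered form …
```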


@ -5,12 +5,13 @@
*/
import React from 'react';
import { Menu } from 'antd';
import {AuthDiv} from 'components';
import { AuthDiv } from 'components';
import BasicSetting from './BasicSetting';
import AlarmSetting from './AlarmSetting';
import LDAPSetting from './LDAPSetting';
import OpenService from './OpenService';
import KeySetting from './KeySetting';
import SecuritySetting from './SecuritySetting';
import About from './About';
import styles from './index.module.css';
import store from './store';
@ -39,6 +40,7 @@ class Index extends React.Component {
style={{border: 'none'}}
onSelect={({selectedKeys}) => this.setState({selectedKeys})}>
<Menu.Item key="basic">基本设置</Menu.Item>
<Menu.Item key="security">安全设置</Menu.Item>
<Menu.Item key="ldap">LDAP设置</Menu.Item>
<Menu.Item key="key">密钥设置</Menu.Item>
<Menu.Item key="alarm">报警服务设置</Menu.Item>
@ -47,12 +49,13 @@ class Index extends React.Component {
</Menu>
</div>
<div className={styles.right}>
{selectedKeys[0] === 'basic' && <BasicSetting />}
{selectedKeys[0] === 'ldap' && <LDAPSetting />}
{selectedKeys[0] === 'alarm' && <AlarmSetting />}
{selectedKeys[0] === 'service' && <OpenService />}
{selectedKeys[0] === 'key' && <KeySetting />}
{selectedKeys[0] === 'about' && <About />}
{selectedKeys[0] === 'basic' && <BasicSetting/>}
{selectedKeys[0] === 'security' && <SecuritySetting/>}
{selectedKeys[0] === 'ldap' && <LDAPSetting/>}
{selectedKeys[0] === 'alarm' && <AlarmSetting/>}
{selectedKeys[0] === 'service' && <OpenService/>}
{selectedKeys[0] === 'key' && <KeySetting/>}
{selectedKeys[0] === 'about' && <About/>}
</div>
</AuthDiv>
)
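Review bot: The new `security` pane exposes a switch that turns off a login-time check, and in this file it is gated only by the enclosing `AuthDiv`, whose opening tag is outside the hunk. Client-side hiding is not an access control, so the handler behind `/api/setting/` should enforce the same permission for the `verify_ip` key and ideally record who changed it; that handler is not shown on this page, so this is a point to confirm rather than a known gap. Separately, the six existing pane lines were rewritten only to drop the space before `/>`, which buries the one functional line `{selectedKeys[0] === 'security' && <SecuritySetting/>}`; leaving them untouched would reduce the change to that single added line.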