A add security setting

2020-11-07 13:40:55 +08:00 · 2020-11-07 13:40:55 +08:00 · 658bc3be7b
parent 808a442ee7
commit 658bc3be7b
4 changed files with 58 additions and 11 deletions
--- a/spug_api/apps/account/views.py
+++ b/spug_api/apps/account/views.py
@ -7,7 +7,7 @@ from django.db.models import F
 from libs import JsonParser, Argument, human_datetime, json_response
 from libs.utils import get_request_real_ip
 from apps.account.models import User, Role, History
-from apps.setting.models import Setting
+from apps.setting.utils import AppSetting
 from libs.ldap import LDAP
 import ipaddress
 import time
@ -164,7 +164,7 @@ def login(request):
        if user and not user.is_active:
            return json_response(error="账户已被系统禁用")
        if form.type == 'ldap':
-            if not Setting.objects.filter(key='ldap_service').exists():
+            if not AppSetting.get_default('ldap_service'):
                return json_response(error='请在系统设置中配置LDAP后再尝试通过该方式登录')
            ldap = LDAP()
            is_success, message = ldap.valid_user(form.username, form.password)
@ -199,11 +199,12 @@ def handle_user_info(user, x_real_ip):
    user.last_ip = x_real_ip
    user.save()
    History.objects.create(user=user, ip=x_real_ip)
+    verify_ip = AppSetting.get_default('verify_ip', 'True') == 'True'
    return json_response({
        'access_token': user.access_token,
        'nickname': user.nickname,
        'is_supper': user.is_supper,
-        'has_real_ip': x_real_ip and ipaddress.ip_address(x_real_ip).is_global,
+        'has_real_ip': x_real_ip and ipaddress.ip_address(x_real_ip).is_global if verify_ip else True,
        'host_perms': [] if user.is_supper else user.host_perms,
        'permissions': [] if user.is_supper else user.page_perms
    })
--- a/spug_api/apps/setting/utils.py
+++ b/spug_api/apps/setting/utils.py
@ -6,7 +6,7 @@ from apps.setting.models import Setting


 class AppSetting:
-    keys = ('public_key', 'private_key', 'mail_service', 'api_key', 'spug_key', 'ldap_service')
+    keys = ('public_key', 'private_key', 'mail_service', 'api_key', 'spug_key', 'ldap_service', 'verify_ip')

    @classmethod
    @lru_cache(maxsize=64)
--- a/spug_web/src/pages/system/setting/SecuritySetting.js
+++ b/spug_web/src/pages/system/setting/SecuritySetting.js
@ -0,0 +1,43 @@
+/**
+ * Copyright (c) OpenSpug Organization. https://github.com/openspug/spug
+ * Copyright (c) <spug.dev@gmail.com>
+ * Released under the AGPL-3.0 License.
+ */
+import React from 'react';
+import { observer } from 'mobx-react';
+import { Form, Switch, message } from 'antd';
+import styles from './index.module.css';
+import http from 'libs/http';
+import store from './store';
+import lds from 'lodash';
+
+
+export default observer(function () {
+  function handleChangeVerifyIP(v) {
+    lds.set(store.settings, 'verify_ip.value', v);
+    http.post('/api/setting/', {data: [{key: 'verify_ip', value: v}]})
+      .then(() => {
+        message.success('设置成功');
+        store.fetchSettings()
+      })
+  }
+
+  const checked = lds.get(store.settings, 'verify_ip.value') !== 'False'
+
+  return (
+    <React.Fragment>
+      <div className={styles.title}>安全设置</div>
+      <Form style={{maxWidth: 500}}>
+        <Form.Item
+          label="访问IP校验"
+          help="建议开启，校验是否获取了真实的访问者IP，防止因为增加的反向代理层导致基于IP的安全策略失效，当校验失败时会在登录时弹窗提醒。如果你在内网部署且仅在内网使用可以关闭该特性。">
+          <Switch
+            checkedChildren="开启"
+            unCheckedChildren="关闭"
+            onChange={handleChangeVerifyIP}
+            checked={checked} />
+        </Form.Item>
+      </Form>
+    </React.Fragment>
+  )
+})
--- a/spug_web/src/pages/system/setting/index.js
+++ b/spug_web/src/pages/system/setting/index.js
@ -5,12 +5,13 @@
 */
 import React from 'react';
 import { Menu } from 'antd';
-import {AuthDiv} from 'components';
+import { AuthDiv } from 'components';
 import BasicSetting from './BasicSetting';
 import AlarmSetting from './AlarmSetting';
 import LDAPSetting from './LDAPSetting';
 import OpenService from './OpenService';
 import KeySetting from './KeySetting';
+import SecuritySetting from './SecuritySetting';
 import About from './About';
 import styles from './index.module.css';
 import store from './store';
@ -39,6 +40,7 @@ class Index extends React.Component {
            style={{border: 'none'}}
            onSelect={({selectedKeys}) => this.setState({selectedKeys})}>
            <Menu.Item key="basic">基本设置</Menu.Item>
+            <Menu.Item key="security">安全设置</Menu.Item>
            <Menu.Item key="ldap">LDAP设置</Menu.Item>
            <Menu.Item key="key">密钥设置</Menu.Item>
            <Menu.Item key="alarm">报警服务设置</Menu.Item>
@ -47,12 +49,13 @@ class Index extends React.Component {
          </Menu>
        </div>
        <div className={styles.right}>
-          {selectedKeys[0] === 'basic' && <BasicSetting />}
-          {selectedKeys[0] === 'ldap' && <LDAPSetting />}
-          {selectedKeys[0] === 'alarm' && <AlarmSetting />}
-          {selectedKeys[0] === 'service' && <OpenService />}
-          {selectedKeys[0] === 'key' && <KeySetting />}
-          {selectedKeys[0] === 'about' && <About />}
+          {selectedKeys[0] === 'basic' && <BasicSetting/>}
+          {selectedKeys[0] === 'security' && <SecuritySetting/>}
+          {selectedKeys[0] === 'ldap' && <LDAPSetting/>}
+          {selectedKeys[0] === 'alarm' && <AlarmSetting/>}
+          {selectedKeys[0] === 'service' && <OpenService/>}
+          {selectedKeys[0] === 'key' && <KeySetting/>}
+          {selectedKeys[0] === 'about' && <About/>}
        </div>
      </AuthDiv>
    )