A add security setting

spug_api/apps/account/views.py

@@ -7,7 +7,7 @@ from django.db.models import F
 from libs import JsonParser, Argument, human_datetime, json_response
 from libs.utils import get_request_real_ip
 from apps.account.models import User, Role, History
-from apps.setting.models import Setting
+from apps.setting.utils import AppSetting
 from libs.ldap import LDAP
 import ipaddress
 import time
@@ -164,7 +164,7 @@ def login(request):
         if user and not user.is_active:
             return json_response(error="账户已被系统禁用")
         if form.type == 'ldap':
-            if not Setting.objects.filter(key='ldap_service').exists():
+            if not AppSetting.get_default('ldap_service'):
                 return json_response(error='请在系统设置中配置LDAP后再尝试通过该方式登录')
             ldap = LDAP()
             is_success, message = ldap.valid_user(form.username, form.password)
@@ -199,11 +199,12 @@ def handle_user_info(user, x_real_ip):
     user.last_ip = x_real_ip
     user.save()
     History.objects.create(user=user, ip=x_real_ip)
+    verify_ip = AppSetting.get_default('verify_ip', 'True') == 'True'
     return json_response({
         'access_token': user.access_token,
         'nickname': user.nickname,
         'is_supper': user.is_supper,
-        'has_real_ip': x_real_ip and ipaddress.ip_address(x_real_ip).is_global,
+        'has_real_ip': x_real_ip and ipaddress.ip_address(x_real_ip).is_global if verify_ip else True,
         'host_perms': [] if user.is_supper else user.host_perms,
         'permissions': [] if user.is_supper else user.page_perms
     })

spug_api/apps/setting/utils.py

@@ -6,7 +6,7 @@ from apps.setting.models import Setting
 
 
 class AppSetting:
-    keys = ('public_key', 'private_key', 'mail_service', 'api_key', 'spug_key', 'ldap_service')
+    keys = ('public_key', 'private_key', 'mail_service', 'api_key', 'spug_key', 'ldap_service', 'verify_ip')
 
     @classmethod
     @lru_cache(maxsize=64)

spug_web/src/pages/system/setting/SecuritySetting.js

@@ -0,0 +1,43 @@
+/**
+ * Copyright (c) OpenSpug Organization. https://github.com/openspug/spug
+ * Copyright (c) <spug.dev@gmail.com>
+ * Released under the AGPL-3.0 License.
+ */
+import React from 'react';
+import { observer } from 'mobx-react';
+import { Form, Switch, message } from 'antd';
+import styles from './index.module.css';
+import http from 'libs/http';
+import store from './store';
+import lds from 'lodash';
+
+
+export default observer(function () {
+  function handleChangeVerifyIP(v) {
+    lds.set(store.settings, 'verify_ip.value', v);
+    http.post('/api/setting/', {data: [{key: 'verify_ip', value: v}]})
+      .then(() => {
+        message.success('设置成功');
+        store.fetchSettings()
+      })
+  }
+
+  const checked = lds.get(store.settings, 'verify_ip.value') !== 'False'
+
+  return (
+    <React.Fragment>
+      <div className={styles.title}>安全设置</div>
+      <Form style={{maxWidth: 500}}>
+        <Form.Item
+          label="访问IP校验"
+          help="建议开启，校验是否获取了真实的访问者IP，防止因为增加的反向代理层导致基于IP的安全策略失效，当校验失败时会在登录时弹窗提醒。如果你在内网部署且仅在内网使用可以关闭该特性。">
+          <Switch
+            checkedChildren="开启"
+            unCheckedChildren="关闭"
+            onChange={handleChangeVerifyIP}
+            checked={checked} />
+        </Form.Item>
+      </Form>
+    </React.Fragment>
+  )
+})

spug_web/src/pages/system/setting/index.js

@@ -5,12 +5,13 @@
  */
 import React from 'react';
 import { Menu } from 'antd';
-import {AuthDiv} from 'components';
+import { AuthDiv } from 'components';
 import BasicSetting from './BasicSetting';
 import AlarmSetting from './AlarmSetting';
 import LDAPSetting from './LDAPSetting';
 import OpenService from './OpenService';
 import KeySetting from './KeySetting';
+import SecuritySetting from './SecuritySetting';
 import About from './About';
 import styles from './index.module.css';
 import store from './store';
@@ -39,6 +40,7 @@ class Index extends React.Component {
             style={{border: 'none'}}
             onSelect={({selectedKeys}) => this.setState({selectedKeys})}>
             <Menu.Item key="basic">基本设置</Menu.Item>
+            <Menu.Item key="security">安全设置</Menu.Item>
             <Menu.Item key="ldap">LDAP设置</Menu.Item>
             <Menu.Item key="key">密钥设置</Menu.Item>
             <Menu.Item key="alarm">报警服务设置</Menu.Item>
@@ -47,12 +49,13 @@ class Index extends React.Component {
           </Menu>
         </div>
         <div className={styles.right}>
-          {selectedKeys[0] === 'basic' && <BasicSetting />}
+          {selectedKeys[0] === 'basic' && <BasicSetting/>}
-          {selectedKeys[0] === 'ldap' && <LDAPSetting />}
+          {selectedKeys[0] === 'security' && <SecuritySetting/>}
-          {selectedKeys[0] === 'alarm' && <AlarmSetting />}
+          {selectedKeys[0] === 'ldap' && <LDAPSetting/>}
-          {selectedKeys[0] === 'service' && <OpenService />}
+          {selectedKeys[0] === 'alarm' && <AlarmSetting/>}
-          {selectedKeys[0] === 'key' && <KeySetting />}
+          {selectedKeys[0] === 'service' && <OpenService/>}
-          {selectedKeys[0] === 'about' && <About />}
+          {selectedKeys[0] === 'key' && <KeySetting/>}
+          {selectedKeys[0] === 'about' && <About/>}
         </div>
       </AuthDiv>
     )