admin
1f7c491048
- 实现文件系统日志(FilesystemLog)记录文件管理器操作 - 实现操作日志(OperationLog)记录用户操作行为 - 实现数据库SQL日志(DatabaseSQLLog)模型和API - 实现SSH会话命令记录(SessionCommand)含命令输出和风险等级 - 添加IP提取服务支持X-Real-IP和X-Forwarded-For - 添加日志自动清理功能 - 修复ProFormSwitch required验证问题 - 修复设置页面默认值问题 - 修复文件上传错误检测逻辑 - 修复资产树key前缀问题 - 添加VNC/RDP设置默认值 - 修复文件管理标题翻译
74 lines
1.5 KiB
Go
74 lines
1.5 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net"
|
|
"next-terminal/server/common/nt"
|
|
"next-terminal/server/service"
|
|
"strings"
|
|
|
|
"next-terminal/server/api"
|
|
"next-terminal/server/global/security"
|
|
"next-terminal/server/utils"
|
|
|
|
"github.com/labstack/echo/v4"
|
|
)
|
|
|
|
func TcpWall(next echo.HandlerFunc) echo.HandlerFunc {
|
|
|
|
return func(c echo.Context) error {
|
|
securities := security.GlobalSecurityManager.Values()
|
|
if len(securities) == 0 {
|
|
return next(c)
|
|
}
|
|
|
|
ip := service.PropertyService.GetClientIP(c)
|
|
|
|
var pass = true
|
|
|
|
for _, s := range securities {
|
|
ipGroups := strings.Split(s.IP, ",")
|
|
for _, ipGroup := range ipGroups {
|
|
if strings.Contains(ipGroup, "/") {
|
|
// CIDR
|
|
_, ipNet, err := net.ParseCIDR(ipGroup)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
if !ipNet.Contains(net.ParseIP(ip)) {
|
|
continue
|
|
}
|
|
} else if strings.Contains(ipGroup, "-") {
|
|
// 范围段
|
|
split := strings.Split(ipGroup, "-")
|
|
if len(split) < 2 {
|
|
continue
|
|
}
|
|
start := split[0]
|
|
end := split[1]
|
|
intReqIP := utils.IpToInt(ip)
|
|
if intReqIP < utils.IpToInt(start) || intReqIP > utils.IpToInt(end) {
|
|
continue
|
|
}
|
|
} else {
|
|
// IP
|
|
if ipGroup != ip {
|
|
continue
|
|
}
|
|
}
|
|
|
|
pass = s.Rule == nt.AccessRuleAllow
|
|
}
|
|
}
|
|
|
|
if !pass {
|
|
if c.Request().Header.Get("X-Requested-With") != "" || c.Request().Header.Get(nt.Token) != "" {
|
|
return api.Fail(c, -1, "您的访问请求被拒绝 :(")
|
|
} else {
|
|
return c.HTML(666, "您的访问请求被拒绝 :(")
|
|
}
|
|
}
|
|
|
|
return next(c)
|
|
}
|
|
}
|