diff --git a/component/captcha_store.go b/component/captcha_store.go
index 37387c7..abf91ce 100644
--- a/component/captcha_store.go
+++ b/component/captcha_store.go
@@ -3,6 +3,7 @@ package component
 import (
 "context"
 "fmt"
+ "os"
 "strings"
 "time"
 "wireguard-dashboard/client"
@@ -49,8 +50,8 @@ func (CaptchaStore) Get(id string, clear bool) string {
 // @param clear
 // @return bool
 func (c CaptchaStore) Verify(id, answer string, clear bool) bool {
- //if os.Getenv("GIN_MODE") != "release" {
- // return true
- //}
+ if os.Getenv("GIN_MODE") != "release" {
+ return true
+ }
 return strings.ToUpper(answer) == strings.ToUpper(c.Get(id, clear))
 }
diff --git a/component/jwt.go b/component/jwt.go
index c99efd8..523de35 100644
--- a/component/jwt.go
+++ b/component/jwt.go
@@ -6,17 +6,19 @@ import (
 "fmt"
 "gitee.ltd/lxh/logger/log"
 "github.com/golang-jwt/jwt/v5"
+ "github.com/google/uuid"
 "strings"
 "time"
 "wireguard-dashboard/client"
+ "wireguard-dashboard/config"
 "wireguard-dashboard/constant"
 )
 
 const Secret = "IK8MSs76Pb2VJxleTDadf1Wzu3h9QROLv0XtmnCUErYgBG5wAyjk4cioqFZHNpZG"
 
 type JwtClaims struct {
- ID string `json:"id"`
- jwt.RegisteredClaims `json:"-"`
+ ID string `json:"id"`
+ jwt.RegisteredClaims
 }
 
 func JWT() JwtClaims {
@@ -36,10 +38,12 @@ func (j JwtClaims) GenerateToken(userId string) (token string, expireTime *jwt.N
 claims := JwtClaims{
 ID: userId,
 RegisteredClaims: jwt.RegisteredClaims{
- Subject: "wireguard-dashboard",
+ Issuer: config.Config.Http.Endpoint, // 颁发站点
+ Subject: "wg-dashboard",
 ExpiresAt: expireTime,
 NotBefore: notBefore,
 IssuedAt: issuedAt,
+ ID: uuid.NewString(),
 },
 }
 
diff --git a/config/http.go b/config/http.go
index cc09b77..f3455a7 100644
--- a/config/http.go
+++ b/config/http.go
@@ -1,5 +1,6 @@
 package config
 
 type http struct {
- Port uint `yaml:"port"`
+ Port uint `yaml:"port"`
+ Endpoint string `yaml:"endpoint"`
 }
diff --git a/middleware/authorization.go b/middleware/authorization.go
index a6c8240..8978b92 100644
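Review bot: The guard that Verify now enables fails open: `os.Getenv("GIN_MODE")` is empty whenever the binary is started without that variable, and empty is `!= "release"`, so a production instance that does not export GIN_MODE skips captcha checking entirely and never reaches `c.Get(id, clear)`, so whatever clearing `clear` requests does not happen either. A bypass keyed on an environment variable should be opt-in rather than the default state, e.g. `if os.Getenv("GIN_MODE") == "debug" {` (gin's own development mode value), or at minimum treat unset as release: `if mode := os.Getenv("GIN_MODE"); mode != "" && mode != "release" {`. Logging when the bypass is taken would make a misconfigured deployment visible in the logs. The whole of Verify is inside this hunk.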
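Review bot: `const Secret` in this hunk's context remains a string literal compiled into the binary, so the HMAC key that signs every token is readable by anyone with the source or the executable, and the issuer and `jti` claims added in the next hunk give no protection against a token signed with that key. Since this commit already extends the config struct in config/http.go, the signing key belongs there (or in an environment variable) with a startup check that it is present, and the committed value should be rotated once it moves. Dropping `json:"-"` from the embedded RegisteredClaims is the right fix; a one-line comment on the struct noting that the registered claims (exp, nbf, iat, iss, jti) are now emitted, whereas tokens issued before this change carry none of them, would help whoever has to reason about old sessions.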
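Review bot: `Issuer: config.Config.Http.Endpoint` is compared in middleware/authorization.go against `utils.GetHost(...)`, which returns only the host[:port] part of a URL, so the value operators put in `endpoint` must be exactly that form: a scheme, trailing slash or path in the YAML makes every token fail the issuer check, and an empty value makes the issuer claim empty. Neither this line nor the new `Endpoint` field in config/http.go says so; I would replace `// 颁发站点` with `// 颁发站点 (issuer); must be the bare host[:port] of the dashboard URL, since Authorization() compares it with utils.GetHost(Referer)` and put the same constraint on the `yaml:"endpoint"` field. Validating the value at startup (non-empty, no scheme or path) would turn a misconfiguration into a clear error instead of a silent lock-out. GenerateToken starts before and ends after this hunk.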
--- a/middleware/authorization.go
+++ b/middleware/authorization.go
@@ -28,6 +28,13 @@ func Authorization() gin.HandlerFunc {
 return
 }
 
+ // 如果token的颁发者与请求的站点不一致,则直接给它狗日的丢出去
+ if userClaims.Issuer != utils.GetHost(c.Request.Header.Get("Referer")) {
+ utils.GinResponse(c).AuthorizationFailed()
+ c.Abort()
+ return
+ }
+
 // 查询用户
 user, err := repository.User().GetUserById(userClaims.ID)
 if err != nil {
diff --git a/utils/url.go b/utils/url.go
new file mode 100644
index 0000000..d172c4f
--- /dev/null
+++ b/utils/url.go
@@ -0,0 +1,16 @@
+package utils
+
+import "net/url"
+
+// GetHost
+ // @description: 获取指定地址的host
+ // @param addr
+ // @return string
+func GetHost(addr string) string {
+ uu, err := url.Parse(addr)
+ if err != nil {
+ return ""
+ }
+
+ return uu.Host
+}
diff --git a/web-src/src/utils/http/index.ts b/web-src/src/utils/http/index.ts
index ab0f1d6..e8d058d 100644
--- a/web-src/src/utils/http/index.ts
+++ b/web-src/src/utils/http/index.ts
@@ -163,6 +163,15 @@ class PureHttp {
 resolve(response);
 })
 .catch(error => {
+ // 401直接跳转回去
+ if (error.response.status === 401) {
+ router.replace({
+ path: "/login",
+ query: {
+ redirect: router.currentRoute.value.fullPath
+ }
+ });
+ }
 if (error.response === null || error.response === undefined) {
 message(error.message, { type: "error" });
 } else {
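Review bot: The new issuer check relies on the `Referer` request header, which is supplied by the client and is often absent (browsers drop it under a strict referrer policy and non-browser API callers rarely send it), in which case `utils.GetHost("")` yields "" and every such request is rejected, while a client that sends a matching header passes wherever the request came from; the check costs availability without actually binding the token to the site. Comparing against the value the server itself knows, either `c.Request.Host` or the configured `config.Config.Http.Endpoint` that GenerateToken used to mint the token, is the right anchor, and with golang-jwt v5 the parser can enforce it centrally via `jwt.WithIssuer(config.Config.Http.Endpoint)` if the parse call above this hunk is where userClaims is produced. Log the rejected issuer value so operators can tell a misconfigured endpoint from a real mismatch, and replace the comment with something neutral such as `// Reject tokens that were not issued for this site`. The enclosing handler closure starts and ends outside the hunk.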
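Review bot: GetHost maps three different situations to the empty string — a parse error, empty input, and a bare `host[:port]` without a scheme, which `url.Parse` treats as a path (`uu.Host` is "" for `example.com`, and `example.com:8080` is a parse error) — and its caller in middleware/authorization.go compares that "" with `userClaims.Issuer`, so when `endpoint` is left unconfigured the issuer check passes for any request that lacks a Referer. Returning `(string, error)` would be the clean fix; if the signature must stay, the doc comment should say that "" is a sentinel the caller has to reject, e.g. `// GetHost returns the host[:port] of an absolute URL; it returns "" for empty, unparsable or scheme-less input, which callers must treat as "no host" rather than a valid value`. `url.ParseRequestURI` is the stricter choice if only absolute URLs are expected here.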
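Review bot: `error.response.status` on the first added line dereferences `error.response` before the existing check on the next line asks whether it is null or undefined, so a network-level failure with no response now throws a TypeError inside the catch and the original error handling below never runs. Use optional chaining, `if (error.response?.status === 401) {` (or `error.response && error.response.status === 401` if the TS target does not allow it), and consider returning after the redirect so the branches below do not also report the 401 as a generic error. The catch callback continues past the end of the hunk.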