bonus
/
Bonus-Cloud
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

回滚关于IP伪造代码上的改动

This commit is contained in:
weiweiw 2024-11-13 17:45:02 +08:00
parent 8d668d4d9b
commit 0f1bff9724
9 changed files with 34 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java
View File

@ -238,7 +238,7 @@ public class PasswordValidatorService {
long startTime = System.currentTimeMillis();
try {
String blackStr = Convert.toStr(redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST));
String ip = IpUtils.getIpAddr(systemConfig.getTrustedProxyIps());
String ip = IpUtils.getIpAddr();
if (IpUtils.isMatchedIp(blackStr,ip )) {
logAndThrowError(username, "访问IP已被列入系统黑名单", "访问IP已被列入系统黑名单");
}
@ -270,7 +270,7 @@ public class PasswordValidatorService {
*/
public void handleIpValidation(String username, SysUser user) {
try {
String nowIp = IpUtils.getIpAddr(systemConfig.getTrustedProxyIps());
String nowIp = IpUtils.getIpAddr();
String hisIp = redisService.getCacheObject("IP:" + user.getUserId());
if (!nowIp.equals(hisIp)) {
recordLogService.saveErrorLogs(username, System.currentTimeMillis(), user.getUserId().toString(),"用户连续两次在不同IP登录");
@ -286,7 +286,7 @@ public class PasswordValidatorService {
List<Map<String, Object>> cacheList = redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST);
// 获取客户端的 IP 地址
String ip = IpUtils.getIpAddr(systemConfig.getTrustedProxyIps());
String ip = IpUtils.getIpAddr();
// 遍历黑名单
for (Map<String, Object> map : cacheList) {

16
bonus-auth/src/main/java/com/bonus/auth/service/SysRecordLogService.java
View File

@ -31,8 +31,6 @@ public class SysRecordLogService
{
@Autowired
private RemoteLogService remoteLogService;
@Autowired
private SystemConfig systemConfig;
/**
* 记录登录信息
@ -46,7 +44,7 @@ public class SysRecordLogService
{
SysLogininfor logininfor = new SysLogininfor();
logininfor.setUserName(username);
logininfor.setIpaddr(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
logininfor.setIpaddr(IpUtils.getIpAddr());
logininfor.setMsg(message);
// 日志状态
if (StringUtils.equalsAny(status, Constants.LOGIN_SUCCESS, Constants.LOGOUT, Constants.REGISTER))
@ -74,7 +72,7 @@ public class SysRecordLogService
String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase();
sysLogsVo.setLogId(uuid);
sysLogsVo.setOperaUserName(username);
sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
sysLogsVo.setIp(IpUtils.getIpAddr());
sysLogsVo.setModel("系统认证模块");
sysLogsVo.setOperTime(DateUtils.getTime());
sysLogsVo.setMethodType(SystemGlobal.POST);
@ -123,7 +121,7 @@ public class SysRecordLogService
if (StringUtils.isNotEmpty(userId)){
sysLogsVo.setUserId(userId);
}
sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
sysLogsVo.setIp(IpUtils.getIpAddr());
sysLogsVo.setResultData("用户登录成功");
sysLogsVo.setTitle("系统登录");
sysLogsVo.setModel("系统认证模块");
@ -132,7 +130,7 @@ public class SysRecordLogService
sysLogsVo.setMethod("login()");
sysLogsVo.setLogId(uuid);
sysLogsVo.setOperaUserName(username);
sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
sysLogsVo.setIp(IpUtils.getIpAddr());
sysLogsVo.setParams("{\"username\":\""+username+"\"}");
sysLogsVo.setOperateDetail("用户登录系统");
sysLogsVo.setErrType(errMessage);
@ -159,7 +157,7 @@ public class SysRecordLogService
String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase();
sysLogsVo.setLogId(uuid);
sysLogsVo.setOperaUserName(username);
sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
sysLogsVo.setIp(IpUtils.getIpAddr());
sysLogsVo.setModel("系统认证模块");
sysLogsVo.setLogType(0);
if (StringUtils.isNotEmpty(userId)){
@ -200,7 +198,7 @@ public class SysRecordLogService
String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase();
sysLogsVo.setLogId(uuid);
sysLogsVo.setOperaUserName(username);
sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
sysLogsVo.setIp(IpUtils.getIpAddr());
sysLogsVo.setModel("系统认证模块");
sysLogsVo.setLogType(0);
if (StringUtils.isNotEmpty(userId)){
@ -233,7 +231,7 @@ public class SysRecordLogService
String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase();
sysLogsVo.setLogId(uuid);
sysLogsVo.setOperaUserName(username);
sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
sysLogsVo.setIp(IpUtils.getIpAddr());
sysLogsVo.setModel("系统认证模块");
sysLogsVo.setLogType(0);
if (StringUtils.isNotEmpty(userId)){

6
bonus-common/bonus-common-config/src/main/java/com/bonus/config/SystemConfig.java
View File

@ -49,12 +49,6 @@ public class SystemConfig {
* websocketUrl
*/
private String websocketurl;
/**
* 信任的代理ip list
*/
private List<String> trustedProxyIps;
@Data
@RefreshScope

44
bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/ip/IpUtils.java
View File

@ -1,16 +1,15 @@
package com.bonus.common.core.utils.ip;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import com.bonus.common.core.utils.ServletUtils;
import com.bonus.common.core.utils.StringUtils;
import org.springframework.util.ObjectUtils;
/**
* 获取IP方法
*
*
* @author bonus
*/
@ -34,21 +33,21 @@ public class IpUtils
/**
* 获取客户端IP
*
*
* @return IP地址
*/
public static String getIpAddr(List<String> trustedProxy)
public static String getIpAddr()
{
return getIpAddr(ServletUtils.getRequest(), trustedProxy);
return getIpAddr(ServletUtils.getRequest());
}
/**
* 获取客户端IP
*
*
* @param request 请求对象
* @return IP地址
*/
public static String getIpAddr(HttpServletRequest request,List<String> trustedProxy)
public static String getIpAddr(HttpServletRequest request)
{
if (request == null)
{
@ -72,22 +71,17 @@ public class IpUtils
ip = request.getHeader("X-Real-IP");
}
String remoteAddr = request.getRemoteAddr();
if (!StringUtils.isEmpty(ip) && !StringUtils.isEmpty(remoteAddr) && !ObjectUtils.isEmpty(trustedProxy)) {
//使用代理的情况下确定代理是可信的
if (trustedProxy.contains(remoteAddr)) {
return "0:0:0:0:0:0:0:1".equals(ip) ? "127.0.0.1" : getMultistageReverseProxyIp(ip);
}
if (ip == null || ip.length() == 0 || IP_UNKNOWN.equalsIgnoreCase(ip))
{
ip = request.getRemoteAddr();
}
if (!StringUtils.isEmpty(remoteAddr)) {
return "0:0:0:0:0:0:0:1".equals(remoteAddr) ? "127.0.0.1" : getMultistageReverseProxyIp(remoteAddr);
}
return IP_UNKNOWN;
return "0:0:0:0:0:0:0:1".equals(ip) ? "127.0.0.1" : getMultistageReverseProxyIp(ip);
}
/**
* 检查是否为内部IP地址
*
*
* @param ip IP地址
* @return 结果
*/
@ -99,7 +93,7 @@ public class IpUtils
/**
* 检查是否为内部IP地址
*
*
* @param addr byte地址
* @return 结果
*/
@ -152,7 +146,7 @@ public class IpUtils
/**
* 将IPv4地址转换成字节
*
*
* @param text IPv4地址
* @return byte 字节
*/
@ -245,7 +239,7 @@ public class IpUtils
/**
* 获取IP地址
*
*
* @return 本地IP地址
*/
public static String getHostIp()
@ -262,7 +256,7 @@ public class IpUtils
/**
* 获取主机名
*
*
* @return 本地主机名
*/
public static String getHostName()
@ -386,7 +380,7 @@ public class IpUtils
/**
* 校验ip是否符合过滤串规则
*
*
* @param filter 过滤IP列表,支持后缀'*'通配,支持网段如:`10.10.10.1-10.10.10.99`
* @param ip 校验IP地址
* @return boolean 结果
@ -415,4 +409,4 @@ public class IpUtils
}
return false;
}
}
}

5
bonus-common/bonus-common-log/src/main/java/com/bonus/common/log/aspect/LogAspect.java
View File

@ -57,9 +57,6 @@ public class LogAspect
@Autowired
private AsyncLogService asyncLogService;
@Resource
private SystemConfig systemConfig;
/**
* 处理请求前执行
*/
@ -125,7 +122,7 @@ public class LogAspect
sysLogsVo.setOperateDetail(controllerLog.details());
}
sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
sysLogsVo.setIp(IpUtils.getIpAddr());
// 设置方法名称
String className = joinPoint.getTarget().getClass().getName();
String methodName = joinPoint.getSignature().getName();

2
bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java
View File

@ -184,7 +184,7 @@ public class AuthLogic
public void addErrorLogs(ProceedingJoinPoint joinPoint,RequiresPermissions requiresPermissions){
try{
LoginUser loginUser = getLoginUser();
loginUser.setIpaddr(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
loginUser.setIpaddr(IpUtils.getIpAddr());
SysLogsVo vo=SysLogsVo.getExceedAuthorithSysLogsVo(loginUser,joinPoint);
LogsUtils.setRequestValue(joinPoint,vo,null);
SysLogsVo sysLogsVo=new SysLogsVo();

4
bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/feign/FeignRequestInterceptor.java
View File

@ -21,8 +21,6 @@ import feign.RequestTemplate;
@Component
public class FeignRequestInterceptor implements RequestInterceptor
{
public SystemConfig systemConfig = SpringUtils.getBean(SystemConfig.class);
@Override
public void apply(RequestTemplate requestTemplate)
{
@ -53,7 +51,7 @@ public class FeignRequestInterceptor implements RequestInterceptor
}
// 配置客户端IP
requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr());
}
}
}

2
bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/service/TokenService.java
View File

@ -72,7 +72,7 @@ public class TokenService {
loginUser.setToken(token);
loginUser.setUserid(userId);
loginUser.setUsername(userName);
loginUser.setIpaddr(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
loginUser.setIpaddr(IpUtils.getIpAddr());
refreshToken(loginUser);
// Jwt存储信息
Map<String, Object> claimsMap = new HashMap<String, Object>(16);

4
bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java
View File

@ -49,8 +49,6 @@ public class SysLogServiceImpl implements ISysLogService {
@Autowired
private ApplicationEventPublisher eventPublisher;
@Autowired
private SystemConfig systemConfig;
@Override
@Transactional(rollbackFor = Exception.class)
@ -86,7 +84,7 @@ public class SysLogServiceImpl implements ISysLogService {
public void saveLogs(SysLogsVo sysLog, HttpServletRequest request) {
try{
String loginUuid = IdUtils.fastUUID();
String ip = IpUtils.getIpAddr(request, systemConfig.getTrustedProxyIps());
String ip = IpUtils.getIpAddr(request);
sysLog.setIp(ip);
sysLog.setLogId(loginUuid);
sysLog.setGrade("");