From 0f1bff972409173f78b76204821f18585e39e080 Mon Sep 17 00:00:00 2001 From: weiweiw <14335254+weiweiw22@user.noreply.gitee.com> Date: Wed, 13 Nov 2024 17:45:02 +0800 Subject: [PATCH] =?UTF-8?q?=E5=9B=9E=E6=BB=9A=E5=85=B3=E4=BA=8EIP=E4=BC=AA?= =?UTF-8?q?=E9=80=A0=E4=BB=A3=E7=A0=81=E4=B8=8A=E7=9A=84=E6=94=B9=E5=8A=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/PasswordValidatorService.java | 6 +-- .../auth/service/SysRecordLogService.java | 16 +++---- .../java/com/bonus/config/SystemConfig.java | 6 --- .../bonus/common/core/utils/ip/IpUtils.java | 44 ++++++++----------- .../bonus/common/log/aspect/LogAspect.java | 5 +-- .../bonus/common/security/auth/AuthLogic.java | 2 +- .../feign/FeignRequestInterceptor.java | 4 +- .../common/security/service/TokenService.java | 2 +- .../service/impl/SysLogServiceImpl.java | 4 +- 9 files changed, 34 insertions(+), 55 deletions(-) diff --git a/bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java b/bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java index 81e9734..8799be6 100644 --- a/bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java +++ b/bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java @@ -238,7 +238,7 @@ public class PasswordValidatorService { long startTime = System.currentTimeMillis(); try { String blackStr = Convert.toStr(redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST)); - String ip = IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()); + String ip = IpUtils.getIpAddr(); if (IpUtils.isMatchedIp(blackStr,ip )) { logAndThrowError(username, "访问IP已被列入系统黑名单", "访问IP已被列入系统黑名单"); } 
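Review bot: The blacklist check in this hunk, `IpUtils.isMatchedIp(blackStr,ip )`, now tests the value from the no-argument `IpUtils.getIpAddr()`, which after this commit takes the address from request headers and uses `request.getRemoteAddr()` only as a fallback. The requester can therefore influence the address the blacklist is evaluated against. The same applies to `handleIpValidation` and the blacklist loop in the later hunks of this file, and the `setIp(...)` / `setIpaddr(...)` calls in SysRecordLogService, LogAspect, AuthLogic, TokenService and SysLogServiceImpl will store a client-asserted address. For access decisions, either keep an overload that takes the trusted-proxy list, or confirm and document that the gateway overwrites the forwarding headers before requests reach this service. The enclosing method starts and ends outside the hunk.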
@@ -270,7 +270,7 @@ public class PasswordValidatorService { */ public void handleIpValidation(String username, SysUser user) { try { - String nowIp = IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()); + String nowIp = IpUtils.getIpAddr(); String hisIp = redisService.getCacheObject("IP:" + user.getUserId()); if (!nowIp.equals(hisIp)) { recordLogService.saveErrorLogs(username, System.currentTimeMillis(), user.getUserId().toString(),"用户连续两次在不同IP登录"); @@ -286,7 +286,7 @@ public class PasswordValidatorService { List> cacheList = redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST); // 获取客户端的 IP 地址 - String ip = IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()); + String ip = IpUtils.getIpAddr(); // 遍历黑名单 for (Map map : cacheList) { diff --git a/bonus-auth/src/main/java/com/bonus/auth/service/SysRecordLogService.java b/bonus-auth/src/main/java/com/bonus/auth/service/SysRecordLogService.java index 3945356..38bd9f4 100644 --- a/bonus-auth/src/main/java/com/bonus/auth/service/SysRecordLogService.java +++ b/bonus-auth/src/main/java/com/bonus/auth/service/SysRecordLogService.java @@ -31,8 +31,6 @@ public class SysRecordLogService { @Autowired private RemoteLogService remoteLogService; - @Autowired - private SystemConfig systemConfig; /** * 记录登录信息 @@ -46,7 +44,7 @@ public class SysRecordLogService { SysLogininfor logininfor = new SysLogininfor(); logininfor.setUserName(username); - logininfor.setIpaddr(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + logininfor.setIpaddr(IpUtils.getIpAddr()); logininfor.setMsg(message); // 日志状态 if (StringUtils.equalsAny(status, Constants.LOGIN_SUCCESS, Constants.LOGOUT, Constants.REGISTER)) 
@@ -74,7 +72,7 @@ public class SysRecordLogService String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase(); sysLogsVo.setLogId(uuid); sysLogsVo.setOperaUserName(username); - sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + sysLogsVo.setIp(IpUtils.getIpAddr()); sysLogsVo.setModel("系统认证模块"); sysLogsVo.setOperTime(DateUtils.getTime()); sysLogsVo.setMethodType(SystemGlobal.POST); @@ -123,7 +121,7 @@ public class SysRecordLogService if (StringUtils.isNotEmpty(userId)){ sysLogsVo.setUserId(userId); } - sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + sysLogsVo.setIp(IpUtils.getIpAddr()); sysLogsVo.setResultData("用户登录成功"); sysLogsVo.setTitle("系统登录"); sysLogsVo.setModel("系统认证模块"); @@ -132,7 +130,7 @@ public class SysRecordLogService sysLogsVo.setMethod("login()"); sysLogsVo.setLogId(uuid); sysLogsVo.setOperaUserName(username); - sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + sysLogsVo.setIp(IpUtils.getIpAddr()); sysLogsVo.setParams("{\"username\":\""+username+"\"}"); sysLogsVo.setOperateDetail("用户登录系统"); sysLogsVo.setErrType(errMessage); @@ -159,7 +157,7 @@ public class SysRecordLogService String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase(); sysLogsVo.setLogId(uuid); sysLogsVo.setOperaUserName(username); - sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + sysLogsVo.setIp(IpUtils.getIpAddr()); sysLogsVo.setModel("系统认证模块"); sysLogsVo.setLogType(0); if (StringUtils.isNotEmpty(userId)){ @@ -200,7 +198,7 @@ public class SysRecordLogService String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase(); sysLogsVo.setLogId(uuid); sysLogsVo.setOperaUserName(username); - sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + sysLogsVo.setIp(IpUtils.getIpAddr()); sysLogsVo.setModel("系统认证模块"); sysLogsVo.setLogType(0); if (StringUtils.isNotEmpty(userId)){ 
@@ -233,7 +231,7 @@ public class SysRecordLogService String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase(); sysLogsVo.setLogId(uuid); sysLogsVo.setOperaUserName(username); - sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + sysLogsVo.setIp(IpUtils.getIpAddr()); sysLogsVo.setModel("系统认证模块"); sysLogsVo.setLogType(0); if (StringUtils.isNotEmpty(userId)){ diff --git a/bonus-common/bonus-common-config/src/main/java/com/bonus/config/SystemConfig.java b/bonus-common/bonus-common-config/src/main/java/com/bonus/config/SystemConfig.java index 47253f5..7a5bdc4 100644 --- a/bonus-common/bonus-common-config/src/main/java/com/bonus/config/SystemConfig.java +++ b/bonus-common/bonus-common-config/src/main/java/com/bonus/config/SystemConfig.java @@ -49,12 +49,6 @@ public class SystemConfig { * websocketUrl */ private String websocketurl; - - /** - * 信任的代理ip list - */ - private List trustedProxyIps; - @Data @RefreshScope diff --git a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/ip/IpUtils.java b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/ip/IpUtils.java index 6f8d391..4275956 100644 --- a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/ip/IpUtils.java +++ b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/ip/IpUtils.java @@ -1,16 +1,15 @@ + package com.bonus.common.core.utils.ip; import java.net.InetAddress; import java.net.UnknownHostException; -import java.util.List; import javax.servlet.http.HttpServletRequest; import com.bonus.common.core.utils.ServletUtils; import com.bonus.common.core.utils.StringUtils; -import org.springframework.util.ObjectUtils; /** * 获取IP方法 - * + * * @author bonus */ 
@@ -34,21 +33,21 @@ public class IpUtils /** * 获取客户端IP - * + * * @return IP地址 */ - public static String getIpAddr(List trustedProxy) + public static String getIpAddr() { - return getIpAddr(ServletUtils.getRequest(), trustedProxy); + return getIpAddr(ServletUtils.getRequest()); } /** * 获取客户端IP - * + * * @param request 请求对象 * @return IP地址 */ - public static String getIpAddr(HttpServletRequest request,List trustedProxy) + public static String getIpAddr(HttpServletRequest request) { if (request == null) { @@ -72,22 +71,17 @@ public class IpUtils ip = request.getHeader("X-Real-IP"); } - String remoteAddr = request.getRemoteAddr(); - if (!StringUtils.isEmpty(ip) && !StringUtils.isEmpty(remoteAddr) && !ObjectUtils.isEmpty(trustedProxy)) { - //使用代理的情况下确定代理是可信的 - if (trustedProxy.contains(remoteAddr)) { - return "0:0:0:0:0:0:0:1".equals(ip) ? "127.0.0.1" : getMultistageReverseProxyIp(ip); - } + if (ip == null || ip.length() == 0 || IP_UNKNOWN.equalsIgnoreCase(ip)) + { + ip = request.getRemoteAddr(); } - if (!StringUtils.isEmpty(remoteAddr)) { - return "0:0:0:0:0:0:0:1".equals(remoteAddr) ? "127.0.0.1" : getMultistageReverseProxyIp(remoteAddr); - } - return IP_UNKNOWN; + + return "0:0:0:0:0:0:0:1".equals(ip) ? "127.0.0.1" : getMultistageReverseProxyIp(ip); } /** * 检查是否为内部IP地址 - * + * * @param ip IP地址 * @return 结果 */ @@ -99,7 +93,7 @@ public class IpUtils /** * 检查是否为内部IP地址 - * + * * @param addr byte地址 * @return 结果 */ @@ -152,7 +146,7 @@ public class IpUtils /** * 将IPv4地址转换成字节 - * + * * @param text IPv4地址 * @return byte 字节 */ @@ -245,7 +239,7 @@ public class IpUtils /** * 获取IP地址 - * + * * @return 本地IP地址 */ public static String getHostIp() @@ -262,7 +256,7 @@ public class IpUtils /** * 获取主机名 - * + * * @return 本地主机名 */ public static String getHostName() @@ -386,7 +380,7 @@ public class IpUtils /** * 校验ip是否符合过滤串规则 - * + * * @param filter 过滤IP列表,支持后缀'*'通配,支持网段如:`10.10.10.1-10.10.10.99` * @param ip 校验IP地址 * @return boolean 结果 
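Review bot: In the `@@ -72,22 +71,17 @@` hunk, `request.getRemoteAddr()` becomes a fallback only, so any non-empty header value is returned without checking that the direct peer is a proxy the deployment operates. Only the `X-Real-IP` lookup is visible in the context; the earlier header lookups sit between the two hunks. These headers are client-controlled unless an edge proxy overwrites them, so every caller of `getIpAddr()` inherits that trust. If the trusted-proxy list has to leave the signature, keep the gate inside the method with `trustedProxy` read from configuration, e.g. `if (StringUtils.isEmpty(ip) || IP_UNKNOWN.equalsIgnoreCase(ip) || !trustedProxy.contains(request.getRemoteAddr())) { ip = request.getRemoteAddr(); }`. The Javadoc of `getIpAddr` should also state that the result is only as trustworthy as the proxy in front of the service.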
@@ -415,4 +409,4 @@ public class IpUtils } return false; } -} \ No newline at end of file +} diff --git a/bonus-common/bonus-common-log/src/main/java/com/bonus/common/log/aspect/LogAspect.java b/bonus-common/bonus-common-log/src/main/java/com/bonus/common/log/aspect/LogAspect.java index e77aa8b..e03b4f0 100644 --- a/bonus-common/bonus-common-log/src/main/java/com/bonus/common/log/aspect/LogAspect.java +++ b/bonus-common/bonus-common-log/src/main/java/com/bonus/common/log/aspect/LogAspect.java @@ -57,9 +57,6 @@ public class LogAspect @Autowired private AsyncLogService asyncLogService; - @Resource - private SystemConfig systemConfig; - /** * 处理请求前执行 */ @@ -125,7 +122,7 @@ public class LogAspect sysLogsVo.setOperateDetail(controllerLog.details()); } - sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + sysLogsVo.setIp(IpUtils.getIpAddr()); // 设置方法名称 String className = joinPoint.getTarget().getClass().getName(); String methodName = joinPoint.getSignature().getName(); diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java index 39138db..329b9ca 100644 --- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java +++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java @@ -184,7 +184,7 @@ public class AuthLogic public void addErrorLogs(ProceedingJoinPoint joinPoint,RequiresPermissions requiresPermissions){ try{ LoginUser loginUser = getLoginUser(); - loginUser.setIpaddr(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + loginUser.setIpaddr(IpUtils.getIpAddr()); SysLogsVo vo=SysLogsVo.getExceedAuthorithSysLogsVo(loginUser,joinPoint); LogsUtils.setRequestValue(joinPoint,vo,null); SysLogsVo sysLogsVo=new SysLogsVo(); 
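Review bot: In the AuthLogic hunk, `addErrorLogs` stops using `systemConfig`, but the diffstat shows only this one-line change for the file, so the `systemConfig` member is presumably left in place. The same appears to hold for TokenService and PasswordValidatorService, whereas SysRecordLogService, LogAspect, FeignRequestInterceptor and SysLogServiceImpl have their reference removed in this commit. If nothing else in those three classes reads it, drop the injection and any now-unused `SystemConfig` import so the revert is consistent across modules. `addErrorLogs` continues past the end of the hunk.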
diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/feign/FeignRequestInterceptor.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/feign/FeignRequestInterceptor.java index 16ae0e4..fa82d5f 100644 --- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/feign/FeignRequestInterceptor.java +++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/feign/FeignRequestInterceptor.java @@ -21,8 +21,6 @@ import feign.RequestTemplate; @Component public class FeignRequestInterceptor implements RequestInterceptor { - public SystemConfig systemConfig = SpringUtils.getBean(SystemConfig.class); - @Override public void apply(RequestTemplate requestTemplate) { @@ -53,7 +51,7 @@ public class FeignRequestInterceptor implements RequestInterceptor } // 配置客户端IP - requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr()); } } } \ No newline at end of file diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/service/TokenService.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/service/TokenService.java index b719143..cea20f8 100644 --- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/service/TokenService.java +++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/service/TokenService.java @@ -72,7 +72,7 @@ public class TokenService { loginUser.setToken(token); loginUser.setUserid(userId); loginUser.setUsername(userName); - loginUser.setIpaddr(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps())); + loginUser.setIpaddr(IpUtils.getIpAddr()); refreshToken(loginUser); // Jwt存储信息 Map claimsMap = new HashMap(16); 
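Review bot: The outgoing `X-Forwarded-For` header set in `apply` is now filled from `IpUtils.getIpAddr()`, which after this commit prefers inbound request headers over the socket peer. A value supplied by the original caller is therefore copied onto internal Feign calls, where the downstream service reads it back the same way. Internal hops then cannot tell a proxy-verified address from a client-asserted one. Consider forwarding only an address validated at the edge, and add a comment such as `// X-Forwarded-For must be overwritten by the gateway; value here is not verified` so the responsibility is explicit. `apply` begins in the previous hunk and most of its body is outside the visible lines.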
diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java index c2514e7..0e5a548 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java @@ -49,8 +49,6 @@ public class SysLogServiceImpl implements ISysLogService { @Autowired private ApplicationEventPublisher eventPublisher; - @Autowired - private SystemConfig systemConfig; @Override @Transactional(rollbackFor = Exception.class) @@ -86,7 +84,7 @@ public class SysLogServiceImpl implements ISysLogService { public void saveLogs(SysLogsVo sysLog, HttpServletRequest request) { try{ String loginUuid = IdUtils.fastUUID(); - String ip = IpUtils.getIpAddr(request, systemConfig.getTrustedProxyIps()); + String ip = IpUtils.getIpAddr(request); sysLog.setIp(ip); sysLog.setLogId(loginUuid); sysLog.setGrade("高");