回滚关于IP伪造代码上的改动

2024-11-13 17:45:02 +08:00 · 2024-11-13 17:45:02 +08:00 · 0f1bff9724
parent 8d668d4d9b
commit 0f1bff9724
9 changed files with 34 additions and 55 deletions
--- a/bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java
+++ b/bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java
@ -238,7 +238,7 @@ public class PasswordValidatorService {
        long startTime = System.currentTimeMillis();
        try {
            String blackStr = Convert.toStr(redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST));
-            String ip = IpUtils.getIpAddr(systemConfig.getTrustedProxyIps());
+            String ip = IpUtils.getIpAddr();
            if (IpUtils.isMatchedIp(blackStr,ip )) {
                logAndThrowError(username, "访问IP已被列入系统黑名单", "访问IP已被列入系统黑名单");
            }
@ -270,7 +270,7 @@ public class PasswordValidatorService {
     */
    public void handleIpValidation(String username, SysUser user) {
        try {
-            String nowIp = IpUtils.getIpAddr(systemConfig.getTrustedProxyIps());
+            String nowIp = IpUtils.getIpAddr();
            String hisIp = redisService.getCacheObject("IP:" + user.getUserId());
            if (!nowIp.equals(hisIp)) {
                recordLogService.saveErrorLogs(username, System.currentTimeMillis(), user.getUserId().toString(),"用户连续两次在不同IP登录");
@ -286,7 +286,7 @@ public class PasswordValidatorService {
        List<Map<String, Object>> cacheList = redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST);
        // 获取客户端的 IP 地址
-        String ip = IpUtils.getIpAddr(systemConfig.getTrustedProxyIps());
+        String ip = IpUtils.getIpAddr();
        // 遍历黑名单
        for (Map<String, Object> map : cacheList) {
--- a/bonus-auth/src/main/java/com/bonus/auth/service/SysRecordLogService.java
+++ b/bonus-auth/src/main/java/com/bonus/auth/service/SysRecordLogService.java
@ -31,8 +31,6 @@ public class SysRecordLogService
 {
    @Autowired
    private RemoteLogService remoteLogService;
    @Autowired
    private SystemConfig systemConfig;
    /**
     * 记录登录信息
@ -46,7 +44,7 @@ public class SysRecordLogService
    {
        SysLogininfor logininfor = new SysLogininfor();
        logininfor.setUserName(username);
-        logininfor.setIpaddr(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+        logininfor.setIpaddr(IpUtils.getIpAddr());
        logininfor.setMsg(message);
        // 日志状态
        if (StringUtils.equalsAny(status, Constants.LOGIN_SUCCESS, Constants.LOGOUT, Constants.REGISTER))
@ -74,7 +72,7 @@ public class SysRecordLogService
        String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase();
        sysLogsVo.setLogId(uuid);
        sysLogsVo.setOperaUserName(username);
-        sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+        sysLogsVo.setIp(IpUtils.getIpAddr());
        sysLogsVo.setModel("系统认证模块");
        sysLogsVo.setOperTime(DateUtils.getTime());
        sysLogsVo.setMethodType(SystemGlobal.POST);
@ -123,7 +121,7 @@ public class SysRecordLogService
        if (StringUtils.isNotEmpty(userId)){
            sysLogsVo.setUserId(userId);
        }
-        sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+        sysLogsVo.setIp(IpUtils.getIpAddr());
        sysLogsVo.setResultData("用户登录成功");
        sysLogsVo.setTitle("系统登录");
        sysLogsVo.setModel("系统认证模块");
@ -132,7 +130,7 @@ public class SysRecordLogService
        sysLogsVo.setMethod("login()");
        sysLogsVo.setLogId(uuid);
        sysLogsVo.setOperaUserName(username);
-        sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+        sysLogsVo.setIp(IpUtils.getIpAddr());
        sysLogsVo.setParams("{\"username\":\""+username+"\"}");
        sysLogsVo.setOperateDetail("用户登录系统");
        sysLogsVo.setErrType(errMessage);
@ -159,7 +157,7 @@ public class SysRecordLogService
        String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase();
        sysLogsVo.setLogId(uuid);
        sysLogsVo.setOperaUserName(username);
-        sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+        sysLogsVo.setIp(IpUtils.getIpAddr());
        sysLogsVo.setModel("系统认证模块");
        sysLogsVo.setLogType(0);
        if (StringUtils.isNotEmpty(userId)){
@ -200,7 +198,7 @@ public class SysRecordLogService
        String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase();
        sysLogsVo.setLogId(uuid);
        sysLogsVo.setOperaUserName(username);
-        sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+        sysLogsVo.setIp(IpUtils.getIpAddr());
        sysLogsVo.setModel("系统认证模块");
        sysLogsVo.setLogType(0);
        if (StringUtils.isNotEmpty(userId)){
@ -233,7 +231,7 @@ public class SysRecordLogService
        String uuid= UUID.randomUUID().toString().replace("-","").toUpperCase();
        sysLogsVo.setLogId(uuid);
        sysLogsVo.setOperaUserName(username);
-        sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+        sysLogsVo.setIp(IpUtils.getIpAddr());
        sysLogsVo.setModel("系统认证模块");
        sysLogsVo.setLogType(0);
        if (StringUtils.isNotEmpty(userId)){
--- a/bonus-common/bonus-common-config/src/main/java/com/bonus/config/SystemConfig.java
+++ b/bonus-common/bonus-common-config/src/main/java/com/bonus/config/SystemConfig.java
@ -50,12 +50,6 @@ public class SystemConfig  {
     */
    private String websocketurl;
    /**
     * 信任的代理ip list
     */
    private List<String> trustedProxyIps;
    @Data
    @RefreshScope
    public static class LoginConfig {
--- a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/ip/IpUtils.java
+++ b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/ip/IpUtils.java
@ -1,12 +1,11 @@
 package com.bonus.common.core.utils.ip;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import com.bonus.common.core.utils.ServletUtils;
 import com.bonus.common.core.utils.StringUtils;
 import org.springframework.util.ObjectUtils;
 /**
 * 获取IP方法
@ -37,9 +36,9 @@ public class IpUtils
     *
     * @return IP地址
     */
-    public static String getIpAddr(List<String> trustedProxy)
+    public static String getIpAddr()
    {
-        return getIpAddr(ServletUtils.getRequest(), trustedProxy);
+        return getIpAddr(ServletUtils.getRequest());
    }
    /**
@ -48,7 +47,7 @@ public class IpUtils
     * @param request 请求对象
     * @return IP地址
     */
-    public static String getIpAddr(HttpServletRequest request,List<String> trustedProxy)
+    public static String getIpAddr(HttpServletRequest request)
    {
        if (request == null)
        {
@ -72,17 +71,12 @@ public class IpUtils
            ip = request.getHeader("X-Real-IP");
        }
-        String remoteAddr = request.getRemoteAddr();
+        if (ip == null || ip.length() == 0 || IP_UNKNOWN.equalsIgnoreCase(ip))
-        if (!StringUtils.isEmpty(ip) && !StringUtils.isEmpty(remoteAddr) && !ObjectUtils.isEmpty(trustedProxy)) {
+        {
-            //使用代理的情况下确定代理是可信的
+            ip = request.getRemoteAddr();
            if (trustedProxy.contains(remoteAddr)) {
                return "0:0:0:0:0:0:0:1".equals(ip) ? "127.0.0.1" : getMultistageReverseProxyIp(ip);
            }
        }
-        if (!StringUtils.isEmpty(remoteAddr)) {
+
-            return "0:0:0:0:0:0:0:1".equals(remoteAddr) ? "127.0.0.1" : getMultistageReverseProxyIp(remoteAddr);
+        return "0:0:0:0:0:0:0:1".equals(ip) ? "127.0.0.1" : getMultistageReverseProxyIp(ip);
        }
        return IP_UNKNOWN;
    }
    /**
--- a/bonus-common/bonus-common-log/src/main/java/com/bonus/common/log/aspect/LogAspect.java
+++ b/bonus-common/bonus-common-log/src/main/java/com/bonus/common/log/aspect/LogAspect.java
@ -57,9 +57,6 @@ public class LogAspect
    @Autowired
    private AsyncLogService asyncLogService;
    @Resource
    private SystemConfig systemConfig;
    /**
     * 处理请求前执行
     */
@ -125,7 +122,7 @@ public class LogAspect
                sysLogsVo.setOperateDetail(controllerLog.details());
            }
-            sysLogsVo.setIp(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+            sysLogsVo.setIp(IpUtils.getIpAddr());
            // 设置方法名称
            String className = joinPoint.getTarget().getClass().getName();
            String methodName = joinPoint.getSignature().getName();
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java
@ -184,7 +184,7 @@ public class AuthLogic
    public void addErrorLogs(ProceedingJoinPoint joinPoint,RequiresPermissions requiresPermissions){
        try{
            LoginUser loginUser = getLoginUser();
-            loginUser.setIpaddr(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+            loginUser.setIpaddr(IpUtils.getIpAddr());
            SysLogsVo vo=SysLogsVo.getExceedAuthorithSysLogsVo(loginUser,joinPoint);
            LogsUtils.setRequestValue(joinPoint,vo,null);
            SysLogsVo sysLogsVo=new SysLogsVo();
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/feign/FeignRequestInterceptor.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/feign/FeignRequestInterceptor.java
@ -21,8 +21,6 @@ import feign.RequestTemplate;
@Component
 public class FeignRequestInterceptor implements RequestInterceptor
 {
    public SystemConfig systemConfig = SpringUtils.getBean(SystemConfig.class);
    @Override
    public void apply(RequestTemplate requestTemplate)
    {
@ -53,7 +51,7 @@ public class FeignRequestInterceptor implements RequestInterceptor
            }
            // 配置客户端IP
-            requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+            requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr());
        }
    }
 }
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/service/TokenService.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/service/TokenService.java
@ -72,7 +72,7 @@ public class TokenService {
        loginUser.setToken(token);
        loginUser.setUserid(userId);
        loginUser.setUsername(userName);
-        loginUser.setIpaddr(IpUtils.getIpAddr(systemConfig.getTrustedProxyIps()));
+        loginUser.setIpaddr(IpUtils.getIpAddr());
        refreshToken(loginUser);
        // Jwt存储信息
        Map<String, Object> claimsMap = new HashMap<String, Object>(16);
--- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java
+++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java
@ -49,8 +49,6 @@ public class SysLogServiceImpl implements ISysLogService {
    @Autowired
    private ApplicationEventPublisher eventPublisher;
    @Autowired
    private SystemConfig systemConfig;
    @Override
    @Transactional(rollbackFor = Exception.class)
@ -86,7 +84,7 @@ public class SysLogServiceImpl implements ISysLogService {
    public void saveLogs(SysLogsVo sysLog, HttpServletRequest request) {
            try{
                String loginUuid = IdUtils.fastUUID();
-                String ip = IpUtils.getIpAddr(request, systemConfig.getTrustedProxyIps());
+                String ip = IpUtils.getIpAddr(request);
                sysLog.setIp(ip);
                sysLog.setLogId(loginUuid);
                sysLog.setGrade("高");