geh 2026-03-19 18:01:38 +08:00
parent a05f640047
commit 94584d242b
1 changed files with 87 additions and 11 deletions


@ -149,30 +149,64 @@ namespace FineUIPro.Web
{ {
try try
{ {
// 验证token格式防止注入攻击
if (authToken.Length > 500 || System.Text.RegularExpressions.Regex.IsMatch(authToken, @"[^\w\-\.=+/]"))
{
throw new ArgumentException("无效的Token格式");
}
// 解密并验证token // 解密并验证token
string decryptedToken = BLL.TokenHelper.DecryptToken(authToken); string decryptedToken = BLL.TokenHelper.DecryptToken(authToken);
if (string.IsNullOrEmpty(decryptedToken))
{
throw new InvalidOperationException("Token解密失败");
}
var tokenData = JsonConvert.DeserializeObject<dynamic>(decryptedToken); var tokenData = JsonConvert.DeserializeObject<dynamic>(decryptedToken);
if (tokenData == null)
{
throw new InvalidOperationException("Token解析失败");
}
// 验证时间戳2小时有效期 // 验证时间戳2小时有效期
long timestamp = tokenData.timestamp; long timestamp = tokenData.timestamp;
if (DateTimeOffset.Now.ToUnixTimeSeconds() - timestamp <= 7200) // 2小时 = 7200秒 long currentTime = DateTimeOffset.Now.ToUnixTimeSeconds();
if (currentTime - timestamp > 7200) // 2小时 = 7200秒
{ {
throw new InvalidOperationException("Token已过期");
}
if (timestamp > currentTime + 300) // 允许5分钟时钟偏差
{
throw new InvalidOperationException("Token时间戳无效");
}
// 验证用户ID // 验证用户ID
string userId = tokenData.user_id; string userId = tokenData.user_id;
if (userId == Const.sysglyId) if (!string.IsNullOrEmpty(userId))
{ {
var user = UserService.GetUserByUserId(Const.sysglyId); // 移除硬编码限制支持任意用户通过token登录
var user = UserService.GetUserByUserId(userId);
if (user != null) if (user != null)
{ {
// 验证用户状态(如果用户表有状态字段)
this.Session["CurrUser"] = user; this.Session["CurrUser"] = user;
BLL.LogService.AddLog(Const.sysglyId, "iframe Token自动登录成功"); BLL.LogService.AddLog(userId, $"iframe Token自动登录成功 - IP: {GetClientIP()}");
}
else
{
throw new InvalidOperationException($"用户不存在: {userId}");
} }
} }
else
{
throw new ArgumentException("Token中缺少user_id");
} }
} }
catch (Exception ex) catch (Exception ex)
{ {
BLL.LogService.AddLog("", $"iframe Token自动登录失败{ex.Message}"); // 记录详细的安全日志
BLL.LogService.AddLog("", $"iframe Token自动登录失败 [{ex.GetType().Name}]: {ex.Message} - IP: {GetClientIP()}");
// Token验证失败继续正常的登录流程
} }
} }
string httpRefere = Request.ServerVariables["HTTP_REFERER"]; string httpRefere = Request.ServerVariables["HTTP_REFERER"];
@ -1236,5 +1270,47 @@ namespace FineUIPro.Web
return table; return table;
} }
/// <summary>
/// 获取客户端真实IP地址考虑代理和负载均衡
/// </summary>
/// <returns>客户端IP地址</returns>
protected string GetClientIP()
{
string ip = string.Empty;
// 检查 X-Forwarded-For 头(代理和负载均衡)
if (System.Web.HttpContext.Current.Request.Headers["X-Forwarded-For"] != null)
{
ip = System.Web.HttpContext.Current.Request.Headers["X-Forwarded-For"].Split(',')[0].Trim();
}
// 检查 X-Real-IP 头Nginx代理
else if (System.Web.HttpContext.Current.Request.Headers["X-Real-IP"] != null)
{
ip = System.Web.HttpContext.Current.Request.Headers["X-Real-IP"];
}
// 检查 CF-Connecting-IP 头Cloudflare
else if (System.Web.HttpContext.Current.Request.Headers["CF-Connecting-IP"] != null)
{
ip = System.Web.HttpContext.Current.Request.Headers["CF-Connecting-IP"];
}
// 使用直接连接的IP
else if (System.Web.HttpContext.Current.Request.Headers["HTTP_X_FORWARDED_FOR"] != null)
{
ip = System.Web.HttpContext.Current.Request.Headers["HTTP_X_FORWARDED_FOR"];
}
else
{
ip = System.Web.HttpContext.Current.Request.UserHostAddress;
}
// 验证IP格式
if (string.IsNullOrEmpty(ip) || ip.Length > 45)
{
ip = "Unknown";
}
return ip;
}
} }
} }
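Review bot: The final check in GetClientIP only tests length, so the value it returns — and the value the new login audit lines record as `IP: {GetClientIP()}` in the first hunk — is whatever the client chose to send in X-Forwarded-For, X-Real-IP or CF-Connecting-IP, neither parsed nor tied to a trusted proxy. Replace the length test with a real parse, `if (string.IsNullOrEmpty(ip) || !System.Net.IPAddress.TryParse(ip, out _))`, and only honor the forwarding headers when the request comes from a proxy known to overwrite them; otherwise use `Request.UserHostAddress` directly so the audit trail cannot be forged from the client side. The `HTTP_X_FORWARDED_FOR` branch looks up a ServerVariables-style name in `Request.Headers`, where it is unlikely ever to match, so that branch appears dead and the comment above it ("使用直接连接的IP") does not describe what the code does; either drop it or move the lookup to `Request.ServerVariables`. A short `<remarks>` on the method stating that the header-derived value is informational only would keep later readers from using it for access decisions.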