FatttSnake/oxygen-api
1
0
Fork 0
Code Pull Requests Activity

Fix: IP - real IP address cannot be obtained when using reverse proxy bug

Browse Source
This commit is contained in:
Fat Snake
2024-03-26 14:19:01 +08:00
parent 716cacbafb
commit 555877770d
3 changed files with 32 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/kotlin/top/fatweb/oxygen/api/aop/SysLogInterceptor.kt
View File

@@ -49,7 +49,7 @@ class SysLogInterceptor(
requestUri = URI(request.requestURI).path requestUri = URI(request.requestURI).path
requestParams = formatParams(request.parameterMap) requestParams = formatParams(request.parameterMap)
requestMethod = request.method requestMethod = request.method
requestIp = request.remoteAddr requestIp = WebUtil.getRequestIp(request)
requestServerAddress = "${request.scheme}://${request.serverName}:${request.serverPort}" requestServerAddress = "${request.scheme}://${request.serverName}:${request.serverPort}"
userAgent = request.getHeader("User-Agent") userAgent = request.getHeader("User-Agent")
} }

8
src/main/kotlin/top/fatweb/oxygen/api/service/permission/impl/AuthenticationServiceImpl.kt
View File

@@ -165,7 +165,7 @@ class AuthenticationServiceImpl(
LocalDateTime.now(ZoneOffset.UTC).toInstant(ZoneOffset.UTC).toEpochMilli() LocalDateTime.now(ZoneOffset.UTC).toInstant(ZoneOffset.UTC).toEpochMilli()
}-${UUID.randomUUID()}-${UUID.randomUUID()}-${UUID.randomUUID()}" }-${UUID.randomUUID()}-${UUID.randomUUID()}-${UUID.randomUUID()}"
userService.update(KtUpdateWrapper(User()).eq(User::id, user.id).set(User::forget, code)) userService.update(KtUpdateWrapper(User()).eq(User::id, user.id).set(User::forget, code))
sendRetrieveMail(user.username!!, request.remoteAddr, code, forgetParam.email!!) sendRetrieveMail(user.username!!, WebUtil.getRequestIp(request), code, forgetParam.email!!)
} }
@Transactional @Transactional
@@ -197,7 +197,7 @@ class AuthenticationServiceImpl(
WebUtil.offlineUser(redisUtil, user.id!!) WebUtil.offlineUser(redisUtil, user.id!!)
sendPasswordChangedMail(user.username!!, request.remoteAddr, userInfo!!.email!!) sendPasswordChangedMail(user.username!!, WebUtil.getRequestIp(request), userInfo!!.email!!)
} }
@EventLogRecord(EventLog.Event.LOGIN) @EventLogRecord(EventLog.Event.LOGIN)
@@ -377,9 +377,9 @@ class AuthenticationServiceImpl(
} }
} }
logger.info("用户登录 [用户名: '{}', IP: '{}']", loginUser.username, request.remoteAddr) logger.info("用户登录 [用户名: '{}', IP: '{}']", loginUser.username, WebUtil.getRequestIp(request))
userService.update(User().apply { userService.update(User().apply {
currentLoginIp = request.remoteAddr currentLoginIp = WebUtil.getRequestIp(request)
currentLoginTime = LocalDateTime.now(ZoneOffset.UTC) currentLoginTime = LocalDateTime.now(ZoneOffset.UTC)
lastLoginIp = loginUser.user.currentLoginIp lastLoginIp = loginUser.user.currentLoginIp
lastLoginTime = loginUser.user.currentLoginTime lastLoginTime = loginUser.user.currentLoginTime

27
src/main/kotlin/top/fatweb/oxygen/api/util/WebUtil.kt
View File

@@ -76,4 +76,31 @@ object WebUtil {
redisUtil.delObject(keys) redisUtil.delObject(keys)
} }
/**
* Get real request IP
*
* @param request HttpServletRequest object
* @return IP address
* @author FatttSnake, fatttsnake@gmail.com
* @since 1.0.0
* @see HttpServletRequest
*/
fun getRequestIp(request: HttpServletRequest): String {
var ip = request.getHeader("X-Real-IP")
if (!ip.isNullOrBlank() && !"unknown".equals(ip, true)) {
return ip
}
ip = request.getHeader("X-Forwarded-For")
return if (!ip.isNullOrBlank() && !"unknown".equals(ip, true)) {
val index = ip.indexOf(",")
if (index != -1) {
ip.substring(0, index)
} else {
ip
}
} else {
request.remoteAddr
}
}
} }