feat: support IP limitation for user entry pages (#3267)

* feat: support IP limitation for user entry pages * fix: error message, ip whiteList, check_entry_ip * fix: perform checks on the backend * fix: change the implementation of checking IpWhitelist * fix: add entryIpCheck in SetPassword and remove it from VerifyCode * fix: remove additional error message pop-ups * fix: add isRestricted and show ip error in EntryPage.js * fix: error message * Update auth.go * Update check_ip.go * Update check_ip.go * fix: update return value of the check function from string to error * fix: remoteAddress position * fix: IP whitelist * fix: clientIp * fix:add util.GetClientIpFromRequest * fix: remove duplicate IP and port separation codes and remove extra special characters after clientIp * fix: gofumpt * fix: getIpInfo and localhost --------- Co-authored-by: Yang Luo <hsluoyz@qq.com>
2025-07-01 18:40:18 +08:00 · 2024-10-15 20:40:14 +08:00
parent a3f8ded10c
commit 7cd8f030ee
17 changed files with 235 additions and 11 deletions
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -55,6 +55,13 @@ func tokenToResponse(token *object.Token) *Response {
 func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *form.AuthForm) (resp *Response) {
 	userId := user.GetId()

+	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+	err := object.CheckEntryIp(clientIp, user, application, application.OrganizationObj, c.GetAcceptLanguage())
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
 	allowed, err := object.CheckLoginPermission(userId, application)
 	if err != nil {
 		c.ResponseError(err.Error(), nil)
@ -256,6 +263,9 @@ func (c *ApiController) GetApplicationLogin() {
 		}
 	}

+	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+	object.CheckEntryIp(clientIp, nil, application, nil, c.GetAcceptLanguage())
+
 	application = object.GetMaskedApplication(application, "")
 	if msg != "" {
 		c.ResponseError(msg, application)