feat: otp force

#169
samwaf
2025-03-05 09:58:16 +08:00
parent 001603e95a
commit 3d60ab1fc5
4 changed files with 20 additions and 0 deletions


@@ -30,6 +30,7 @@ var (
GCONFIG_RECORD_DNS_NORMAL_EXPIRE_HOURS int64 = 7 * 24 //DNS 正常有效期 单位小时 默认7天 GCONFIG_RECORD_DNS_NORMAL_EXPIRE_HOURS int64 = 7 * 24 //DNS 正常有效期 单位小时 默认7天
GCONFIG_RECORD_SPIDER_DENY int64 = 0 //爬虫禁止访问开关 默认 0 只检测不阻止访问 1 检测并阻止访问 GCONFIG_RECORD_SPIDER_DENY int64 = 0 //爬虫禁止访问开关 默认 0 只检测不阻止访问 1 检测并阻止访问
GCONFIG_RECORD_HIDE_SERVER_HEADER int64 = 1 // 是否隐藏Server头信息 1隐藏 0不隐藏 GCONFIG_RECORD_HIDE_SERVER_HEADER int64 = 1 // 是否隐藏Server头信息 1隐藏 0不隐藏
GCONFIG_RECORD_FORCE_BIND_2FA int64 = 0 // 是否强制绑定双因素认证(1强制 0不强制)
GCONFIG_RECORD_DEBUG_ENABLE int64 = 0 //调试开关 默认关闭 GCONFIG_RECORD_DEBUG_ENABLE int64 = 0 //调试开关 默认关闭
GCONFIG_RECORD_DEBUG_PWD string = "" //调试密码 如果未空则不需要密码 GCONFIG_RECORD_DEBUG_PWD string = "" //调试密码 如果未空则不需要密码


@@ -15,6 +15,7 @@ import (
var ( var (
wafTokenInfoService = waf_service.WafTokenInfoServiceApp wafTokenInfoService = waf_service.WafTokenInfoServiceApp
wafOtpService = waf_service.WafOtpServiceApp
) )
// Auth 鉴权中间件 // Auth 鉴权中间件
@@ -70,6 +71,16 @@ func Auth() gin.HandlerFunc {
} }
} }
//检测是否强制2Fa绑定
if global.GCONFIG_RECORD_FORCE_BIND_2FA == 1 && c.Request.RequestURI != "/samwaf/ws" && c.Request.RequestURI != "/samwaf/logout" {
otpBean := wafOtpService.GetDetailByUserNameApi(tokenInfo.LoginAccount)
if otpBean.UserName == "" {
//需要强制跳转2fa绑定界面
response.NeedBind2FAWithMessage("系统已开启强制 【双因素认证】 ,请进行绑定", c)
c.Abort()
return
}
}
} }
} }
} }
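Review bot: The forced-2FA gate added in Auth() exempts only `/samwaf/ws` and `/samwaf/logout`, so unless the OTP binding routes bypass this middleware somewhere outside the hunk, an unbound account receives NEED_BIND_2FA on the very calls it needs to complete binding and is locked out. The exemptions compare `c.Request.RequestURI`, which includes the query string, so a request such as `/samwaf/ws?...` would not match; comparing `c.Request.URL.Path` is more stable. A failed lookup in `GetDetailByUserNameApi` presumably also leaves `otpBean.UserName` empty and is reported as "not bound"; that fails closed, but the real error deserves a log line. The check sits three blocks deep and Auth() starts and ends outside the hunk, so it is worth confirming that no authenticated branch returns before reaching it.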


@@ -18,6 +18,7 @@ const (
ERROR = -1 ERROR = -1
SUCCESS = 0 SUCCESS = 0
INPUT_SECRET_CODE = -2 INPUT_SECRET_CODE = -2
NEED_BIND_2FA = -3
AUTHFAIL = -999 AUTHFAIL = -999
) )
@@ -65,3 +66,6 @@ func AuthFailWithMessage(message string, c *gin.Context) {
func SecretCodeFailWithMessage(message string, c *gin.Context) { func SecretCodeFailWithMessage(message string, c *gin.Context) {
Result(INPUT_SECRET_CODE, map[string]interface{}{}, message, c) Result(INPUT_SECRET_CODE, map[string]interface{}{}, message, c)
} }
func NeedBind2FAWithMessage(message string, c *gin.Context) {
Result(NEED_BIND_2FA, map[string]interface{}{}, message, c)
}
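Review bot: `NeedBind2FAWithMessage` and the new `NEED_BIND_2FA` code are exported without any comment, although the value -3 is a contract the client has to handle. I would add `// NeedBind2FAWithMessage replies with NEED_BIND_2FA (-3) to tell the client the account must bind two-factor authentication first.` above the function, and a short trailing comment on the constant in the same style as the config variables.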


@@ -76,6 +76,9 @@ func setConfigIntValue(name string, value int64, change int) {
case "hide_server_header": case "hide_server_header":
global.GCONFIG_RECORD_HIDE_SERVER_HEADER = value global.GCONFIG_RECORD_HIDE_SERVER_HEADER = value
break break
case "force_bind_2fa":
global.GCONFIG_RECORD_FORCE_BIND_2FA = value
break
default: default:
zlog.Warn("Unknown config item:", name) zlog.Warn("Unknown config item:", name)
} }
@@ -214,4 +217,5 @@ func TaskLoadSetting(initLoad bool) {
updateConfigStringItem(initLoad, "gpt", "gpt_token", global.GCONFIG_RECORD_GPT_TOKEN, "GPT远程授权密钥", "string", "") updateConfigStringItem(initLoad, "gpt", "gpt_token", global.GCONFIG_RECORD_GPT_TOKEN, "GPT远程授权密钥", "string", "")
updateConfigStringItem(initLoad, "gpt", "gpt_model", global.GCONFIG_RECORD_GPT_MODEL, "GPT模型名称", "string", "") updateConfigStringItem(initLoad, "gpt", "gpt_model", global.GCONFIG_RECORD_GPT_MODEL, "GPT模型名称", "string", "")
updateConfigIntItem(initLoad, "security", "hide_server_header", global.GCONFIG_RECORD_HIDE_SERVER_HEADER, "是否隐藏Server响应头(1隐藏 0不隐藏)", "int", "") updateConfigIntItem(initLoad, "security", "hide_server_header", global.GCONFIG_RECORD_HIDE_SERVER_HEADER, "是否隐藏Server响应头(1隐藏 0不隐藏)", "int", "")
updateConfigIntItem(initLoad, "security", "force_bind_2fa", global.GCONFIG_RECORD_FORCE_BIND_2FA, "是否强制绑定双因素认证(1强制 0不强制)", "options", "0|不强制,1|强制")
} }
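Review bot: `case "force_bind_2fa"` stores whatever integer arrives, while the middleware enforces only when the value is exactly 1, so a stored value such as 2 or -1 silently switches enforcement off. For a security switch I would normalise on write, for example `if value != 0 { value = 1 }` before the assignment, or log and reject anything outside 0/1. The global is also a plain int64 that this setter writes while request handlers read it; if those run on different goroutines, which the hunk does not show, it needs an atomic or a lock. Both setConfigIntValue and TaskLoadSetting start outside the hunk.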