fix ip config

2024-12-02 20:08:40 +08:00 · 2022-01-18 17:54:14 +08:00 · 2022-01-18 17:54:14 +08:00 · cf7490725a
commit cf7490725a
parent e44a6a7811
4 changed files with 67 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,7 @@
 ### 解决BUG、优化功能

 1. 【server】数据库备份自定义表显示中文描述
+2. 【server】配置 ip 白名单判断是否合法,并且支持 ip/掩码位： `192.168.1.0/24` 格式（感谢@skyou）

 ------

--- a/modules/server/src/main/java/io/jpom/common/interceptor/IpInterceptor.java
+++ b/modules/server/src/main/java/io/jpom/common/interceptor/IpInterceptor.java
@ -22,8 +22,8 @@
 */
 package io.jpom.common.interceptor;

+import cn.hutool.core.net.Ipv4Util;
 import cn.hutool.core.net.NetUtil;
-import cn.hutool.core.util.CharUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.extra.servlet.ServletUtil;
 import cn.jiangzeyin.common.JsonMessage;
@ -96,12 +96,27 @@ public class IpInterceptor extends BaseJpomInterceptor {
 				// 开放所有
 				return true;
 			}
-			if (StrUtil.contains(itemIp, CharUtil.SLASH)) {
+			if (StrUtil.contains(itemIp, Ipv4Util.IP_MASK_SPLIT_MARK)) {
 				// ip段
-				String[] itemIps = StrUtil.splitToArray(itemIp, StrUtil.SLASH);
-				long aBegin = NetUtil.ipv4ToLong(itemIps[0]);
-				long aEnd = NetUtil.ipv4ToLong(itemIps[1]);
-				check = (ipNum >= aBegin) && (ipNum <= aEnd);
+				String[] itemIps = StrUtil.splitToArray(itemIp, Ipv4Util.IP_MASK_SPLIT_MARK);
+				int count1 = StrUtil.count(itemIps[0], StrUtil.DOT);
+				int count2 = StrUtil.count(itemIps[1], StrUtil.DOT);
+				if (count1 == 3 && count2 == 3) {
+					//192.168.1.0/192.168.1.200
+					long aBegin = NetUtil.ipv4ToLong(itemIps[0]);
+					long aEnd = NetUtil.ipv4ToLong(itemIps[1]);
+					check = (ipNum >= aBegin) && (ipNum <= aEnd);
+				} else if (count1 == 3 && count2 == 0) {
+					//192.168.1.0/24
+					String startIp = Ipv4Util.getBeginIpStr(itemIps[0], Integer.parseInt(itemIps[1]));
+					String endIp = Ipv4Util.getEndIpStr(itemIps[0], Integer.parseInt(itemIps[1]));
+					long aBegin = NetUtil.ipv4ToLong(startIp);
+					long aEnd = NetUtil.ipv4ToLong(endIp);
+					check = (ipNum >= aBegin) && (ipNum <= aEnd);
+				} else {
+					check = false;
+				}
+
 			} else {
 				check = StrUtil.equals(itemIp, ip);
 			}
--- a/modules/server/src/main/java/io/jpom/controller/system/SystemConfigController.java
+++ b/modules/server/src/main/java/io/jpom/controller/system/SystemConfigController.java
@ -25,6 +25,8 @@ package io.jpom.controller.system;
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.io.FileUtil;
 import cn.hutool.core.io.IoUtil;
+import cn.hutool.core.lang.Validator;
+import cn.hutool.core.net.Ipv4Util;
 import cn.hutool.core.thread.ThreadUtil;
 import cn.hutool.core.util.CharsetUtil;
 import cn.hutool.core.util.StrUtil;
@ -159,10 +161,49 @@ public class SystemConfigController extends BaseServerController {
 	@Feature(cls = ClassFeature.SYSTEM_CONFIG_IP, method = MethodFeature.EDIT)
 	public String saveIpConfig(String allowed, String prohibited) {
 		SystemIpConfigModel systemIpConfigModel = new SystemIpConfigModel();
-		systemIpConfigModel.setAllowed(StrUtil.emptyToDefault(allowed, StrUtil.EMPTY));
-		systemIpConfigModel.setProhibited(StrUtil.emptyToDefault(prohibited, StrUtil.EMPTY));
+		String allowed1 = StrUtil.emptyToDefault(allowed, StrUtil.EMPTY);
+		this.checkIpV4(allowed1);
+		systemIpConfigModel.setAllowed(allowed1);
+		//
+		String prohibited1 = StrUtil.emptyToDefault(prohibited, StrUtil.EMPTY);
+		systemIpConfigModel.setProhibited(prohibited1);
+		this.checkIpV4(prohibited1);
 		systemParametersServer.upsert(SystemIpConfigModel.ID, systemIpConfigModel, SystemIpConfigModel.ID);
 		//
 		return JsonMessage.getString(200, "修改成功");
 	}
+
+	private void checkIpV4(String ips) {
+		if (StrUtil.isEmpty(ips)) {
+			return;
+		}
+		String[] split = StrUtil.splitToArray(ips, StrUtil.LF);
+		for (String itemIp : split) {
+			itemIp = itemIp.trim();
+			if (itemIp.startsWith("#")) {
+				continue;
+			}
+			if (StrUtil.equals(itemIp, "0.0.0.0")) {
+				// 开放所有
+				continue;
+			}
+			if (StrUtil.contains(itemIp, Ipv4Util.IP_MASK_SPLIT_MARK)) {
+				String[] param = StrUtil.splitToArray(itemIp, Ipv4Util.IP_MASK_SPLIT_MARK);
+				int count1 = StrUtil.count(param[0], StrUtil.DOT);
+				int count2 = StrUtil.count(param[1], StrUtil.DOT);
+				if (count1 == 3 && count2 == 3) {
+					//192.168.1.0/192.168.1.200
+					continue;
+				}
+				if (count1 == 3 && count2 == 0) {
+					//192.168.1.0/24
+					return;
+				}
+				continue;
+			}
+			boolean ipv4 = Validator.isIpv4(itemIp);
+			Assert.state(ipv4, "请填写 ipv4 地址：" + itemIp);
+		}
+
+	}
 }
--- a/web-vue/src/pages/system/config.vue
+++ b/web-vue/src/pages/system/config.vue
@ -19,10 +19,10 @@
      <a-alert message="如果配置错误需要重新服务端并添加命令行参数 --rest:ip_config 将恢复默认配置" style="margin-top: 10px" banner />
      <a-form-model style="margin-top: 10px" ref="editForm" :model="temp" :label-col="{ span: 2 }" :wrapper-col="{ span: 20 }">
        <a-form-model-item label="IP白名单" prop="content">
-          <a-input v-model="ipTemp.allowed" type="textarea" :rows="8" class="ip-list-config" placeholder="请输入IP白名单,多个使用换行,0.0.0.0 是开发所有IP,支持配置IP段 192.168.1.1/192.168.1.254" />
+          <a-input v-model="ipTemp.allowed" type="textarea" :rows="8" class="ip-list-config" placeholder="请输入IP白名单,多个使用换行,0.0.0.0 是开发所有IP,支持配置IP段 192.168.1.1/192.168.1.254,192.168.1.0/24" />
        </a-form-model-item>
        <a-form-model-item label="IP黑名单" prop="content">
-          <a-input v-model="ipTemp.prohibited" type="textarea" :rows="8" class="ip-list-config" placeholder="请输入IP黑名单,多个使用换行,支持配置IP段 192.168.1.1/192.168.1.254" />
+          <a-input v-model="ipTemp.prohibited" type="textarea" :rows="8" class="ip-list-config" placeholder="请输入IP黑名单,多个使用换行,支持配置IP段 192.168.1.1/192.168.1.254,192.168.1.0/24" />
        </a-form-model-item>
        <a-form-model-item :wrapper-col="{ offset: 10 }" class="ip-config-button">
          <a-button type="primary" class="btn" :disabled="submitIpAble" @click="onSubmitIp()">保存</a-button>