|
|
@@ -381,11 +381,21 @@ func checkWxUserLogin(ctx *context.Context) {
|
|
|
}
|
|
|
|
|
|
// 检查来自大后台的请求是否为服务器IP
|
|
|
+// 支持配置项 RailsAdminAddr 为逗号分隔的 IP 白名单(容器化后 docker 网桥网关需要加入白名单)
|
|
|
func CheckIsInvokeFromRailsAdmin(ctx *context.Context) {
|
|
|
s := strings.Split(ctx.Request.RemoteAddr, ":")
|
|
|
ip := s[0]
|
|
|
beego.BeeLogger.Debug("railsadmin request ip is: %s", ip)
|
|
|
- if ip != beego.AppConfig.String("RailsAdminAddr") {
|
|
|
+ allowed := strings.Split(beego.AppConfig.String("RailsAdminAddr"), ",")
|
|
|
+ matched := false
|
|
|
+ for _, a := range allowed {
|
|
|
+ if strings.TrimSpace(a) == ip {
|
|
|
+ matched = true
|
|
|
+ break
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if !matched {
|
|
|
+ beego.BeeLogger.Warn("railsadmin request rejected, ip=%s not in whitelist", ip)
|
|
|
errCode := &ErrCode{
|
|
|
Code: RailAdminIPReduced[0],
|
|
|
Msg: RailAdminIPReduced[1],
|
abiao
abiao