fix(auth): 反代后登录白名单读取真实客户端 IP
Docker/1Panel 反代时 request.client.host 为 172.18.0.1;可信内网跳读取 X-Real-IP/X-Forwarded-For。 Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
+4
-3
@@ -16,6 +16,7 @@ from server.api.dependencies import get_auth_service, get_db
|
||||
from server.api.auth_jwt import get_current_admin
|
||||
from server.application.services.auth_service import AuthService, JWT_REFRESH_TOKEN_EXPIRE_DAYS
|
||||
from server.domain.models import Admin, AuditLog
|
||||
from server.utils.client_ip import get_client_ip
|
||||
|
||||
router = APIRouter(prefix="/api/auth", tags=["auth"])
|
||||
|
||||
@@ -122,7 +123,7 @@ async def login(
|
||||
Security: Refresh token is set as HttpOnly cookie (not in JSON body).
|
||||
Access token is returned in JSON for client-side Bearer auth.
|
||||
"""
|
||||
ip_address = request.client.host if request.client else "unknown"
|
||||
ip_address = get_client_ip(request)
|
||||
result = await service.login(
|
||||
username=payload.username,
|
||||
password=payload.password,
|
||||
@@ -170,7 +171,7 @@ async def refresh_token(
|
||||
if not refresh_token:
|
||||
raise HTTPException(status_code=401, detail="Missing refresh token")
|
||||
|
||||
ip_address = request.client.host if request.client else ""
|
||||
ip_address = get_client_ip(request)
|
||||
result = await service.refresh_token(refresh_token, ip_address=ip_address)
|
||||
if not result["success"]:
|
||||
# Clear the cookie on failure (invalid/expired token)
|
||||
@@ -313,7 +314,7 @@ async def change_password(
|
||||
logger.warning(f"Failed to clear refresh tokens from Redis for admin {admin.id}", exc_info=True)
|
||||
|
||||
# Audit log with client IP
|
||||
ip_address = request.client.host if request.client else ""
|
||||
ip_address = get_client_ip(request)
|
||||
audit_repo = AuditLogRepositoryImpl(db)
|
||||
await audit_repo.create(AuditLog(
|
||||
admin_username=admin.username,
|
||||
|
||||
Reference in New Issue
Block a user