mirrors/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2025-05-12 02:45:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

feat: save settings required 2fa if enabled otp

Browse source
This commit is contained in:
Jacky 2024-07-26 17:56:45 +08:00
parent d0af8bd427
commit 11c733547f
No known key found for this signature in database
GPG key ID: 215C21B10DF38B4D
5 changed files with 218 additions and 190 deletions
Download patch file Download diff file Expand all files Collapse all files

3
api/settings/router.go
View file

@ -1,13 +1,14 @@
package settings package settings
import ( import (
"github.com/0xJacky/Nginx-UI/internal/middleware"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
) )
func InitRouter(r *gin.RouterGroup) { func InitRouter(r *gin.RouterGroup) {
r.GET("settings/server/name", GetServerName) r.GET("settings/server/name", GetServerName)
r.GET("settings", GetSettings) r.GET("settings", GetSettings)
r.POST("settings", SaveSettings) r.POST("settings", middleware.RequireSecureSession(), SaveSettings)
r.GET("settings/auth/banned_ips", GetBanLoginIP) r.GET("settings/auth/banned_ips", GetBanLoginIP)
r.DELETE("settings/auth/banned_ip", RemoveBannedIP) r.DELETE("settings/auth/banned_ip", RemoveBannedIP)

25
api/user/otp.go
View file

@ -171,10 +171,33 @@ func OTPStatus(c *gin.Context) {
} }
func SecureSessionStatus(c *gin.Context) { func SecureSessionStatus(c *gin.Context) {
// if you can visit this endpoint, you are already in a secure session cUser := api.CurrentUser(c)
if !cUser.EnabledOTP() {
c.JSON(http.StatusOK, gin.H{
"status": false,
})
return
}
ssid := c.GetHeader("X-Secure-Session-ID")
if ssid == "" {
ssid = c.Query("X-Secure-Session-ID")
}
if ssid == "" {
c.JSON(http.StatusOK, gin.H{
"status": false,
})
return
}
if user.VerifySecureSessionID(ssid, cUser.ID) {
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"status": true, "status": true,
}) })
return
}
c.JSON(http.StatusOK, gin.H{
"status": false,
})
} }
func StartSecure2FASession(c *gin.Context) { func StartSecure2FASession(c *gin.Context) {

4
api/user/router.go
View file

@ -1,7 +1,6 @@
package user package user
import ( import (
"github.com/0xJacky/Nginx-UI/internal/middleware"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
) )
@ -27,7 +26,6 @@ func InitUserRouter(r *gin.RouterGroup) {
r.POST("/otp_enroll", EnrollTOTP) r.POST("/otp_enroll", EnrollTOTP)
r.POST("/otp_reset", ResetOTP) r.POST("/otp_reset", ResetOTP)
r.GET("/otp_secure_session_status", r.GET("/otp_secure_session_status", SecureSessionStatus)
middleware.RequireSecureSession(), SecureSessionStatus)
r.POST("/otp_secure_session", StartSecure2FASession) r.POST("/otp_secure_session", StartSecure2FASession)
} }

8
app/src/components/OTP/useOTPModal.ts
View file

@ -23,6 +23,7 @@ const useOTPModal = () => {
const open = async (): Promise<string> => { const open = async (): Promise<string> => {
const { status } = await otp.status() const { status } = await otp.status()
const { status: secureSessionStatus } = await otp.secure_session_status()
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
if (!status) { if (!status) {
@ -33,13 +34,12 @@ const useOTPModal = () => {
const cookies = useCookies(['nginx-ui-2fa']) const cookies = useCookies(['nginx-ui-2fa'])
const ssid = cookies.get('secure_session_id') const ssid = cookies.get('secure_session_id')
if (ssid) { if (ssid && secureSessionStatus) {
resolve(ssid) resolve(ssid)
secureSessionId.value = ssid secureSessionId.value = ssid
return return
} }
injectStyles() injectStyles()
let container: HTMLDivElement | null = document.createElement('div') let container: HTMLDivElement | null = document.createElement('div')
document.body.appendChild(container) document.body.appendChild(container)
@ -51,11 +51,11 @@ const useOTPModal = () => {
} }
const verify = (passcode: string, recovery: string) => { const verify = (passcode: string, recovery: string) => {
otp.start_secure_session(passcode, recovery).then(r => { otp.start_secure_session(passcode, recovery).then(async r => {
cookies.set('secure_session_id', r.session_id, { maxAge: 60 * 3 }) cookies.set('secure_session_id', r.session_id, { maxAge: 60 * 3 })
resolve(r.session_id)
close() close()
secureSessionId.value = r.session_id secureSessionId.value = r.session_id
resolve(r.session_id)
}).catch(async () => { }).catch(async () => {
refOTPAuthorization.value?.clearInput() refOTPAuthorization.value?.clearInput()
await message.error($gettext('Invalid passcode or recovery code')) await message.error($gettext('Invalid passcode or recovery code'))

6
app/src/views/preference/Preference.vue
View file

@ -11,6 +11,7 @@ import type { Settings } from '@/views/preference/typedef'
import LogrotateSettings from '@/views/preference/LogrotateSettings.vue' import LogrotateSettings from '@/views/preference/LogrotateSettings.vue'
import { useSettingsStore } from '@/pinia' import { useSettingsStore } from '@/pinia'
import AuthSettings from '@/views/preference/AuthSettings.vue' import AuthSettings from '@/views/preference/AuthSettings.vue'
import useOTPModal from '@/components/OTP/useOTPModal'
const data = ref<Settings>({ const data = ref<Settings>({
server: { server: {
@ -66,6 +67,10 @@ const refAuthSettings = ref()
async function save() { async function save() {
// fix type // fix type
data.value.server.http_challenge_port = data.value.server.http_challenge_port.toString() data.value.server.http_challenge_port = data.value.server.http_challenge_port.toString()
const otpModal = useOTPModal()
otpModal.open().then(() => {
settings.save(data.value).then(r => { settings.save(data.value).then(r => {
if (!settingsStore.is_remote) if (!settingsStore.is_remote)
server_name.value = r?.server?.name ?? '' server_name.value = r?.server?.name ?? ''
@ -77,6 +82,7 @@ async function save() {
errors.value = e.errors errors.value = e.errors
message.error(e?.message ?? $gettext('Server error')) message.error(e?.message ?? $gettext('Server error'))
}) })
})
} }
provide('data', data) provide('data', data)