添加严格的域名访问限制

2025-09-16 12:08:27 +08:00
parent acb717c342
commit 18f22fc796
7 changed files with 322 additions and 4 deletions
+17 -2
@@ -1,8 +1,23 @@
import { type LoaderFunctionArgs, redirect } from "@remix-run/node";
import { createUserSession, saveUserInfo } from "~/api/login/auth.server";
import { createUserSession, saveUserInfo, type UserRole } from "~/api/login/auth.server";
import { JWTUtils, type UserInfoForJWT } from "~/utils/jwt";
import { validateRequest, logSecurityEvent } from "~/middleware/host-validation";
export async function loader({ request }: LoaderFunctionArgs) {
// ==================== Host头验证 ====================
// OAuth回调是安全敏感的操作,需要严格验证请求来源
const hostValidation = validateRequest(request);
if (!hostValidation.valid) {
// 记录安全事件
logSecurityEvent('host_validation_failed', hostValidation.error || 'Unknown validation error', request);
console.error('❌ OAuth回调Host验证失败:', hostValidation.error);
return redirect("/login?error=invalid_host");
}
// console.log('✅ OAuth回调Host验证通过');
// ==================== Host头验证结束 ====================
const url = new URL(request.url);
const origin = url.origin; // 获取请求的源 (e.g., "http://10.79.97.17:51703")
const code = url.searchParams.get("code");
@@ -143,7 +158,7 @@ export async function loader({ request }: LoaderFunctionArgs) {
// 使用统一的session创建函数
return createUserSession({
isAuthenticated: true,
userRole: userRole as 'common' | 'developer',
userRole: userRole as UserRole,
redirectTo,
accessToken: tokenResponse.access_token,
refreshToken: tokenResponse.refresh_token,
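Review bot: The Host check added at the top of the loader and the `origin` derived from `url.origin` a few lines later may not be reading the same value — `validateRequest` presumably inspects the Host (or a forwarded-host) header, whereas `request.url` is whatever the Remix adapter assembled, which depending on the adapter can come from a different header; if they diverge, a request can pass validation and still yield an attacker-influenced origin for the rest of the callback. Since the middleware is not in this hunk I cannot confirm which header it checks, but the safe shape is to build the origin from the validated value rather than re-deriving it, e.g. `const origin = \`${url.protocol}//${hostValidation.host}\`;` if `validateRequest` can return the canonical host, or at minimum a comment on the `origin` line: `// NOTE: must derive from the same header validateRequest checked — confirm in host-validation`. The failure branch also logs twice (`logSecurityEvent` plus `console.error`); if `logSecurityEvent` already writes to the console, the second line is redundant noise in production logs. The loader's body continues outside the hunk.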