Merge remote-tracking branch 'origin/shiy-login' into shiy-login
@@ -1,6 +1,7 @@
|
||||
import { type ActionFunctionArgs, json } from "@remix-run/node";
|
||||
import { OAuthClient } from "~/api/login/oauth-client";
|
||||
import { OAUTH_CONFIG } from "~/config/api-config";
|
||||
import { validateRequest, logSecurityEvent } from "~/middleware/host-validation";
|
||||
|
||||
/**
|
||||
* 这个Action作为获取OAuth Access Token的服务器端代理。
|
||||
@@ -8,7 +9,15 @@ import { OAUTH_CONFIG } from "~/config/api-config";
|
||||
* 以避免在网络策略限制服务器直接访问外部服务时出现问题。
|
||||
*/
|
||||
export async function action({ request }: ActionFunctionArgs) {
|
||||
// 1. 只允许POST请求
|
||||
// 1. Host头验证
|
||||
const hostValidation = validateRequest(request);
|
||||
if (!hostValidation.valid) {
|
||||
logSecurityEvent('host_validation_failed', hostValidation.error || 'Unknown validation error', request);
|
||||
console.error('❌ OAuth Token API Host验证失败:', hostValidation.error);
|
||||
return json({ success: false, error: "Forbidden: Invalid Host header" }, { status: 403 });
|
||||
}
|
||||
|
||||
// 2. 只允许POST请求
|
||||
if (request.method !== "POST") {
|
||||
return json({ success: false, error: "Method Not Allowed" }, { status: 405 });
|
||||
}
|
||||
|
||||
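Review bot: The Host-validation preamble at the top of `action` (validateRequest, logSecurityEvent, console.error, then the 403) is repeated verbatim in the userinfo action and the callback loader on this same commit, so the policy now has three copies to keep in sync; since `~/middleware/host-validation` already exists as the shared module, a helper that returns the rejection or null keeps it to one, e.g. `const denied = rejectInvalidHost(request, 'OAuth Token API'); if (denied) return denied;`. validateRequest itself is not visible here: confirm it compares against a fixed allowlist from config, and, if this server runs behind a reverse proxy, that it reads the header the proxy actually forwards (X-Forwarded-Host vs Host), otherwise the check is either bypassable or rejects legitimate traffic. The error message logged at `console.error` echoes `hostValidation.error`, which presumably contains the offending Host value; that is fine for a server log but should not be reflected back to the client, and the 403 body correctly does not. The body of `action` continues past the end of the hunk.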
@@ -1,12 +1,22 @@
|
||||
import { type ActionFunctionArgs, json } from "@remix-run/node";
|
||||
import { OAuthClient } from "~/api/login/oauth-client";
|
||||
import { OAUTH_CONFIG } from "~/config/api-config";
|
||||
import { validateRequest, logSecurityEvent } from "~/middleware/host-validation";
|
||||
|
||||
/**
|
||||
* 这个Action作为获取用户信息的服务器端代理。
|
||||
* 它接收来自前端的`access_token`,然后在后端安全地获取用户信息。
|
||||
*/
|
||||
export async function action({ request }: ActionFunctionArgs) {
|
||||
// 1. Host头验证
|
||||
const hostValidation = validateRequest(request);
|
||||
if (!hostValidation.valid) {
|
||||
logSecurityEvent('host_validation_failed', hostValidation.error || 'Unknown validation error', request);
|
||||
console.error('❌ OAuth UserInfo API Host验证失败:', hostValidation.error);
|
||||
return json({ success: false, error: "Forbidden: Invalid Host header" }, { status: 403 });
|
||||
}
|
||||
|
||||
// 2. 只允许POST请求
|
||||
if (request.method !== "POST") {
|
||||
return json({ success: false, error: "Method Not Allowed" }, { status: 405 });
|
||||
}
|
||||
|
||||
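Review bot: The failure path at the top of `action` records the same event twice, once through `logSecurityEvent('host_validation_failed', …, request)` and again through `console.error('❌ OAuth UserInfo API Host验证失败:', …)`, which double-counts if logSecurityEvent also writes to the console (its implementation is not shown); one sink is enough, so either drop the console.error or pass the endpoint name into logSecurityEvent so the event record carries it. The fallback `hostValidation.error || 'Unknown validation error'` is repeated at every call site; typing validateRequest's result as a discriminated union `{ valid: true } | { valid: false; error: string }` makes `error` non-optional on the failing branch and removes the fallback. The doc comment above `action` should also mention that the proxy now refuses requests that fail host validation with 403 before the method check, since callers seeing a 403 will otherwise look for an auth problem. The rest of `action` lies outside this hunk.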
+17
-2
@@ -1,8 +1,23 @@
|
||||
import { type LoaderFunctionArgs, redirect } from "@remix-run/node";
|
||||
import { createUserSession, saveUserInfo } from "~/api/login/auth.server";
|
||||
import { createUserSession, saveUserInfo, type UserRole } from "~/api/login/auth.server";
|
||||
import { JWTUtils, type UserInfoForJWT } from "~/utils/jwt";
|
||||
import { validateRequest, logSecurityEvent } from "~/middleware/host-validation";
|
||||
|
||||
export async function loader({ request }: LoaderFunctionArgs) {
|
||||
// ==================== Host头验证 ====================
|
||||
// OAuth回调是安全敏感的操作,需要严格验证请求来源
|
||||
const hostValidation = validateRequest(request);
|
||||
if (!hostValidation.valid) {
|
||||
// 记录安全事件
|
||||
logSecurityEvent('host_validation_failed', hostValidation.error || 'Unknown validation error', request);
|
||||
|
||||
console.error('❌ OAuth回调Host验证失败:', hostValidation.error);
|
||||
return redirect("/login?error=invalid_host");
|
||||
}
|
||||
|
||||
// console.log('✅ OAuth回调Host验证通过');
|
||||
// ==================== Host头验证结束 ====================
|
||||
|
||||
const url = new URL(request.url);
|
||||
const origin = url.origin; // 获取请求的源 (e.g., "http://10.79.97.17:51703")
|
||||
const code = url.searchParams.get("code");
|
||||
@@ -143,7 +158,7 @@ export async function loader({ request }: LoaderFunctionArgs) {
|
||||
// 使用统一的session创建函数
|
||||
return createUserSession({
|
||||
isAuthenticated: true,
|
||||
userRole: userRole as 'common' | 'developer',
|
||||
userRole: userRole as UserRole,
|
||||
redirectTo,
|
||||
accessToken: tokenResponse.access_token,
|
||||
refreshToken: tokenResponse.refresh_token,
|
||||
|
||||
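Review bot: `userRole: userRole as UserRole` in the createUserSession call is a compile-time assertion only; it does not check the value at runtime, and userRole is computed earlier in `loader`, outside this hunk, presumably from the provider's user-info response. If the role gates authorization downstream, an unexpected value should be rejected before a session is created rather than cast through: export `export function isUserRole(v: unknown): v is UserRole` from auth.server next to the type, and guard with `if (!isUserRole(userRole)) return redirect("/login?error=invalid_role");` ahead of the call. In the first hunk, `const origin = url.origin` is still derived from `request.url`, i.e. from the same Host header the new check validates, so the check only helps if validateRequest and the adapter building `request.url` read the same header; worth confirming. The commented-out `// console.log('✅ OAuth回调Host验证通过');` there is dead code and can be dropped. `loader` begins before and ends after the second hunk.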