!21 Dash-FastAPI-Admin v1.3.1

insistence · gitee-org · commit 9e2f8e6cf890 · 2024-03-07T02:35:57.000Z
Merge pull request !21 from insistence/develop
diff --git a/README.md b/README.md
@@ -1,12 +1,12 @@
 <p align="center">
 	<img alt="logo" src="https://oscimg.oschina.net/oscnet/up-d3d0a9303e11d522a06cd263f3079027715.png">
 </p>
-<h1 align="center" style="margin: 30px 0 30px; font-weight: bold;">Dash-FastAPI-Admin v1.3.0</h1>
+<h1 align="center" style="margin: 30px 0 30px; font-weight: bold;">Dash-FastAPI-Admin v1.3.1</h1>
 <h4 align="center">基于Dash+FastAPI前后端分离的纯Python快速开发框架</h4>
 <p align="center">
 	<a href="https://gitee.com/insistence2022/dash-fastapi-admin/stargazers"><img src="https://gitee.com/insistence2022/dash-fastapi-admin/badge/star.svg?theme=dark"></a>
     <a href="https://github.com/insistence/Dash-FastAPI-Admin"><img src="https://img.shields.io/github/stars/insistence/Dash-FastAPI-Admin?style=social"></a>
-	<a href="https://gitee.com/insistence2022/dash-fastapi-admin"><img src="https://img.shields.io/badge/DashFastAPIAdmin-v1.3.0-brightgreen.svg"></a>
+	<a href="https://gitee.com/insistence2022/dash-fastapi-admin"><img src="https://img.shields.io/badge/DashFastAPIAdmin-v1.3.1-brightgreen.svg"></a>
 	<a href="https://gitee.com/insistence2022/dash-fastapi-admin/blob/master/LICENSE"><img src="https://img.shields.io/github/license/mashape/apistatus.svg"></a>
     <img src="https://img.shields.io/badge/python-3.8 | 3.9-blue">
     <img src="https://img.shields.io/badge/MySQL-≥5.7-blue">
@@ -15,6 +15,7 @@
 
 
 
+
 ## 平台简介
 
 Dash-FastAPI-Admin是一套全部开源的快速开发平台，毫无保留给个人及企业免费使用。
diff --git a/dash-fastapi-backend/.env.dev b/dash-fastapi-backend/.env.dev
@@ -10,7 +10,7 @@ APP_HOST = '0.0.0.0'
 # 应用端口
 APP_PORT = 9099
 # 应用版本
-APP_VERSION= '1.3.0'
+APP_VERSION= '1.3.1'
 # 应用是否开启热重载
 APP_RELOAD = true
 
diff --git a/dash-fastapi-backend/.env.prod b/dash-fastapi-backend/.env.prod
@@ -2,15 +2,15 @@
 # 应用运行环境
 APP_ENV = 'prod'
 # 应用名称
-APP_NAME = 'Dash-FasAPI'
+APP_NAME = 'Dash-FasAPI-Admin'
 # 应用代理路径
 APP_ROOT_PATH = '/prod-api'
 # 应用主机
 APP_HOST = '0.0.0.0'
 # 应用端口
 APP_PORT = 9099
 # 应用版本
-APP_VERSION= '1.3.0'
+APP_VERSION= '1.3.1'
 # 应用是否开启热重载
 APP_RELOAD = false
 
diff --git a/dash-fastapi-backend/module_admin/service/login_service.py b/dash-fastapi-backend/module_admin/service/login_service.py
@@ -11,7 +11,7 @@
 from module_admin.dao.login_dao import *
 from module_admin.service.user_service import UserService
 from module_admin.dao.user_dao import *
-from config.env import JwtConfig, RedisInitKeyConfig
+from config.env import AppConfig, JwtConfig, RedisInitKeyConfig
 from utils.pwd_util import *
 from utils.response_util import *
 from utils.message_util import *
@@ -155,6 +155,22 @@ async def logout_services(request: Request, session_id: str):
     return True
 
 
+async def check_login_ip(request: Request, login_user: UserLogin):
+    """
+    校验用户登录ip是否在黑名单内
+    :param request: Request对象
+    :param login_user: 登录用户对象
+    :return: 校验结果
+    """
+    black_ip_value = await request.app.state.redis.get(
+        f"{RedisInitKeyConfig.SYS_CONFIG.get('key')}:sys.login.blackIPList")
+    black_ip_list = black_ip_value.split(',') if black_ip_value else []
+    if login_user.login_info.get('ipaddr') in black_ip_list:
+        logger.warning("当前IP禁止登录")
+        raise LoginException(data="", message="当前IP禁止登录")
+    return True
+
+
 async def check_login_captcha(request: Request, login_user: UserLogin):
     """
     校验用户登录验证码
@@ -180,12 +196,18 @@ async def authenticate_user(request: Request, query_db: Session, login_user: Use
     :param login_user: 登录用户对象
     :return: 校验结果
     """
+    await check_login_ip(request, login_user)
     account_lock = await request.app.state.redis.get(f"{RedisInitKeyConfig.ACCOUNT_LOCK.get('key')}:{login_user.user_name}")
     if login_user.user_name == account_lock:
         logger.warning("账号已锁定，请稍后再试")
         raise LoginException(data="", message="账号已锁定，请稍后再试")
-    # 判断是否开启验证码，开启则验证，否则不验证
-    if login_user.captcha_enabled:
+    # 判断请求是否来自于api文档
+    request_from_swagger = request.headers.get('referer').endswith('docs') if request.headers.get('referer') else False
+    request_from_redoc = request.headers.get('referer').endswith('redoc') if request.headers.get('referer') else False
+    # 判断是否开启验证码，开启则验证，否则不验证（dev模式下来自API文档的登录请求不检验）
+    if not login_user.captcha_enabled or ((request_from_swagger or request_from_redoc) and AppConfig.app_env == 'dev'):
+        pass
+    else:
         await check_login_captcha(request, login_user)
     user = login_by_account(query_db, login_user.user_name)
     if not user:
