diff --git a/README.md b/README.md
index 5fdcafd2992c853e78c4c5cce8b15b1015c6e1b2..dd25877e23695f07d33c7aeb79efadbcc98e0ed5 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
-
+
@@ -15,6 +15,7 @@
+
## 平台简介
Dash-FastAPI-Admin是一套全部开源的快速开发平台,毫无保留给个人及企业免费使用。
diff --git a/dash-fastapi-backend/.env.dev b/dash-fastapi-backend/.env.dev
index 993f83b47d0c21398b19bfe68364acd6dc74cbd6..71ea2f6af4f8375da93584dff2a3c21ef245e1c2 100644
--- a/dash-fastapi-backend/.env.dev
+++ b/dash-fastapi-backend/.env.dev
@@ -10,7 +10,7 @@ APP_HOST = '0.0.0.0'
# 应用端口
APP_PORT = 9099
# 应用版本
-APP_VERSION= '1.3.0'
+APP_VERSION= '1.3.1'
# 应用是否开启热重载
APP_RELOAD = true
diff --git a/dash-fastapi-backend/.env.prod b/dash-fastapi-backend/.env.prod
index 3ec163c75331df156c1cf6a6e690c78ca8795b56..0857b79a3e9b318a90ecb0d37950eeec669eaf3e 100644
--- a/dash-fastapi-backend/.env.prod
+++ b/dash-fastapi-backend/.env.prod
@@ -2,7 +2,7 @@
# 应用运行环境
APP_ENV = 'prod'
# 应用名称
-APP_NAME = 'Dash-FasAPI'
+APP_NAME = 'Dash-FasAPI-Admin'
# 应用代理路径
APP_ROOT_PATH = '/prod-api'
# 应用主机
@@ -10,7 +10,7 @@ APP_HOST = '0.0.0.0'
# 应用端口
APP_PORT = 9099
# 应用版本
-APP_VERSION= '1.3.0'
+APP_VERSION= '1.3.1'
# 应用是否开启热重载
APP_RELOAD = false
diff --git a/dash-fastapi-backend/module_admin/service/login_service.py b/dash-fastapi-backend/module_admin/service/login_service.py
index 53b133af0c8ad6cf1d94edb93d356edae3d23c20..321ab55f1882dd70d43c152ec7a23d25c3300d5f 100644
--- a/dash-fastapi-backend/module_admin/service/login_service.py
+++ b/dash-fastapi-backend/module_admin/service/login_service.py
@@ -11,7 +11,7 @@ from module_admin.entity.vo.login_vo import *
from module_admin.dao.login_dao import *
from module_admin.service.user_service import UserService
from module_admin.dao.user_dao import *
-from config.env import JwtConfig, RedisInitKeyConfig
+from config.env import AppConfig, JwtConfig, RedisInitKeyConfig
from utils.pwd_util import *
from utils.response_util import *
from utils.message_util import *
@@ -155,6 +155,22 @@ async def logout_services(request: Request, session_id: str):
return True
+async def check_login_ip(request: Request, login_user: UserLogin):
+ """
+ 校验用户登录ip是否在黑名单内
+ :param request: Request对象
+ :param login_user: 登录用户对象
+ :return: 校验结果
+ """
+ black_ip_value = await request.app.state.redis.get(
+ f"{RedisInitKeyConfig.SYS_CONFIG.get('key')}:sys.login.blackIPList")
+ black_ip_list = black_ip_value.split(',') if black_ip_value else []
+ if login_user.login_info.get('ipaddr') in black_ip_list:
+ logger.warning("当前IP禁止登录")
+ raise LoginException(data="", message="当前IP禁止登录")
+ return True
+
+
async def check_login_captcha(request: Request, login_user: UserLogin):
"""
校验用户登录验证码
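Review bot: The blacklist test in check_login_ip is an exact string match against the raw `black_ip_value.split(',')` result, so an entry saved with surrounding whitespace (for example a list written as `a, b`) never matches and the check fails open without any signal. Normalising the entries closes that gap: `black_ip_list = [ip.strip() for ip in black_ip_value.split(',') if ip.strip()]`. How `login_info['ipaddr']` is obtained is not visible in this hunk; if it is read from a forwarded header rather than the socket peer, the check is only as trustworthy as the proxy that sets that header, and a comment saying so belongs on the comparison. The warning log carries neither the rejected address nor `login_user.user_name`, which makes blocked attempts hard to correlate during an investigation; adding both to the log call would help.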
@@ -180,12 +196,18 @@ async def authenticate_user(request: Request, query_db: Session, login_user: Use
:param login_user: 登录用户对象
:return: 校验结果
"""
+ await check_login_ip(request, login_user)
account_lock = await request.app.state.redis.get(f"{RedisInitKeyConfig.ACCOUNT_LOCK.get('key')}:{login_user.user_name}")
if login_user.user_name == account_lock:
logger.warning("账号已锁定,请稍后再试")
raise LoginException(data="", message="账号已锁定,请稍后再试")
- # 判断是否开启验证码,开启则验证,否则不验证
- if login_user.captcha_enabled:
+ # 判断请求是否来自于api文档
+ request_from_swagger = request.headers.get('referer').endswith('docs') if request.headers.get('referer') else False
+ request_from_redoc = request.headers.get('referer').endswith('redoc') if request.headers.get('referer') else False
+ # 判断是否开启验证码,开启则验证,否则不验证(dev模式下来自API文档的登录请求不检验)
+ if not login_user.captcha_enabled or ((request_from_swagger or request_from_redoc) and AppConfig.app_env == 'dev'):
+ pass
+ else:
await check_login_captcha(request, login_user)
user = login_by_account(query_db, login_user.user_name)
if not user:
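Review bot: The captcha skip on the `if not login_user.captcha_enabled or (...)` line is decided from the `Referer` header, which the client controls, so on a dev-mode instance any request can opt out of the captcha by sending a Referer that ends in `docs` or `redoc`. It is bounded by `AppConfig.app_env == 'dev'`, but the `.env.dev` hunk header in this same commit shows `APP_HOST = '0.0.0.0'`, so a dev instance reachable from a network has no effective captcha; the code should at least state that this is a dev-only convenience and not a security boundary, and an explicit config switch would be safer than header matching. The `if ...: pass` / `else:` shape and the four `request.headers.get('referer')` lookups also read better as one positive condition, as sketched below. authenticate_user starts and ends outside this hunk.

```python
    # … unchanged: check_login_ip call and account-lock check …
    referer = request.headers.get('referer') or ''
    # Dev-only convenience so Swagger/ReDoc can log in without a captcha.
    # Referer is client-supplied, so this is not a security boundary.
    from_api_docs = AppConfig.app_env == 'dev' and referer.endswith(('docs', 'redoc'))
    if login_user.captcha_enabled and not from_api_docs:
        await check_login_captcha(request, login_user)
    # … unchanged: login_by_account lookup …
```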