diff --git a/README.md b/README.md
index 5fdcafd..dd25877 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
-
+
@@ -15,6 +15,7 @@
+
## 平台简介
Dash-FastAPI-Admin是一套全部开源的快速开发平台,毫无保留给个人及企业免费使用。
diff --git a/dash-fastapi-backend/.env.dev b/dash-fastapi-backend/.env.dev
index 993f83b..71ea2f6 100644
--- a/dash-fastapi-backend/.env.dev
+++ b/dash-fastapi-backend/.env.dev
@@ -10,7 +10,7 @@ APP_HOST = '0.0.0.0'
# 应用端口
APP_PORT = 9099
# 应用版本
-APP_VERSION= '1.3.0'
+APP_VERSION= '1.3.1'
# 应用是否开启热重载
APP_RELOAD = true
diff --git a/dash-fastapi-backend/.env.prod b/dash-fastapi-backend/.env.prod
index 3ec163c..0857b79 100644
--- a/dash-fastapi-backend/.env.prod
+++ b/dash-fastapi-backend/.env.prod
@@ -2,7 +2,7 @@
# 应用运行环境
APP_ENV = 'prod'
# 应用名称
-APP_NAME = 'Dash-FasAPI'
+APP_NAME = 'Dash-FasAPI-Admin'
# 应用代理路径
APP_ROOT_PATH = '/prod-api'
# 应用主机
@@ -10,7 +10,7 @@ APP_HOST = '0.0.0.0'
# 应用端口
APP_PORT = 9099
# 应用版本
-APP_VERSION= '1.3.0'
+APP_VERSION= '1.3.1'
# 应用是否开启热重载
APP_RELOAD = false
diff --git a/dash-fastapi-backend/module_admin/service/login_service.py b/dash-fastapi-backend/module_admin/service/login_service.py
index 53b133a..321ab55 100644
--- a/dash-fastapi-backend/module_admin/service/login_service.py
+++ b/dash-fastapi-backend/module_admin/service/login_service.py
@@ -11,7 +11,7 @@
from module_admin.dao.login_dao import *
from module_admin.service.user_service import UserService
from module_admin.dao.user_dao import *
-from config.env import JwtConfig, RedisInitKeyConfig
+from config.env import AppConfig, JwtConfig, RedisInitKeyConfig
from utils.pwd_util import *
from utils.response_util import *
from utils.message_util import *
@@ -155,6 +155,22 @@ async def logout_services(request: Request, session_id: str):
return True
+async def check_login_ip(request: Request, login_user: UserLogin):
+ """
+ 校验用户登录ip是否在黑名单内
+ :param request: Request对象
+ :param login_user: 登录用户对象
+ :return: 校验结果
+ """
+ black_ip_value = await request.app.state.redis.get(
+ f"{RedisInitKeyConfig.SYS_CONFIG.get('key')}:sys.login.blackIPList")
+ black_ip_list = black_ip_value.split(',') if black_ip_value else []
+ if login_user.login_info.get('ipaddr') in black_ip_list:
+ logger.warning("当前IP禁止登录")
+ raise LoginException(data="", message="当前IP禁止登录")
+ return True
+
+
async def check_login_captcha(request: Request, login_user: UserLogin):
"""
校验用户登录验证码
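Review bot: In `check_login_ip` the blacklist is compared as raw strings after `black_ip_value.split(',')`, so an entry stored with a space or newline next to the comma never matches and that address is silently let through. Normalise the entries before the membership test, e.g. `black_ip_list = [ip.strip() for ip in black_ip_value.split(',') if ip.strip()]`. The warning also omits the rejected address and user name, which makes the event hard to use for detection; `logger.warning("当前IP禁止登录: %s", login_user.login_info.get('ipaddr'))` would keep it searchable. How `ipaddr` is populated is not visible in this hunk; if it comes from a forwarded header rather than the socket peer, the blacklist only holds behind a proxy that overwrites that header.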
@@ -180,12 +196,18 @@ async def authenticate_user(request: Request, query_db: Session, login_user: Use
:param login_user: 登录用户对象
:return: 校验结果
"""
+ await check_login_ip(request, login_user)
account_lock = await request.app.state.redis.get(f"{RedisInitKeyConfig.ACCOUNT_LOCK.get('key')}:{login_user.user_name}")
if login_user.user_name == account_lock:
logger.warning("账号已锁定,请稍后再试")
raise LoginException(data="", message="账号已锁定,请稍后再试")
- # 判断是否开启验证码,开启则验证,否则不验证
- if login_user.captcha_enabled:
+ # 判断请求是否来自于api文档
+ request_from_swagger = request.headers.get('referer').endswith('docs') if request.headers.get('referer') else False
+ request_from_redoc = request.headers.get('referer').endswith('redoc') if request.headers.get('referer') else False
+ # 判断是否开启验证码,开启则验证,否则不验证(dev模式下来自API文档的登录请求不检验)
+ if not login_user.captcha_enabled or ((request_from_swagger or request_from_redoc) and AppConfig.app_env == 'dev'):
+ pass
+ else:
await check_login_captcha(request, login_user)
user = login_by_account(query_db, login_user.user_name)
if not user:
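Review bot: The captcha skip in `authenticate_user` keys on the `Referer` header, which the client supplies, so the `endswith('docs')` / `endswith('redoc')` tests do not establish that a request came from the API docs page; the only effective gate is `AppConfig.app_env == 'dev'`. Any instance started with the dev environment therefore accepts logins without a captcha, and as far as this hunk shows the account lock above is then the only brute-force control. That is worth stating next to the condition, e.g. `# Referer is client-supplied; this skip is acceptable only because it is limited to app_env == 'dev'`. The empty `pass` branch would also read more clearly as a guard: `skip_captcha = AppConfig.app_env == 'dev' and (request_from_swagger or request_from_redoc)` followed by `if login_user.captcha_enabled and not skip_captcha:`. The body of `authenticate_user` starts and ends outside this hunk.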