添加hostname检查支持

web/conf/app-config-sample.conf

@@ -17,6 +17,10 @@ perloadcount = 500
 # Debug : 7
 loglevel=6
 
+# 设置hostname, 如果没设置则不会验证
+# 如果设置了，只有该host可以访问web页面,多个host以逗号隔开
+ylhostname = ""
+
 # 后台登录用户名
 username = "yulong"
 # passwordhex为登录密码的32位md5，默认密码为(带句号): All_life_is_a_game_of_luck. 

web/controllers/agentapi.go

@@ -1,10 +1,10 @@
 package controllers
 
-import "net/url"
-
 import (
+	"net/url"
 	"strings"
 	"yulong-hids/web/models"
+	"yulong-hids/web/utils"
 
 	"github.com/astaxie/beego"
 	"gopkg.in/mgo.v2/bson"
@@ -18,6 +18,17 @@ type AgentApiController struct {
 // Get agent will get publickey content and serverlist here
 func (c *AgentApiController) Get() {
 
+	// check hostname
+	hostname := beego.AppConfig.String("ylhostname")
+	allowHosts := strings.Split(hostname, ",")
+	if hostname != "" && !utils.StringInSlice(c.Ctx.Input.Host(), allowHosts) {
+		beego.Error("Hostname not correct.")
+		c.Ctx.Output.SetStatus(403)
+		c.Data["json"] = "Forbidden"
+		c.ServeJSON()
+		return
+	}
+
 	currentURL := c.Ctx.Request.RequestURI
 
 	if strings.Contains(currentURL, "publickey") {

web/controllers/base.go

@@ -1,6 +1,7 @@
 package controllers
 
 import (
+	"strings"
 	"yulong-hids/web/settings"
 	"yulong-hids/web/utils"
 
@@ -17,6 +18,17 @@ type BaseController struct {
 // Prepare access Control, 2FA, csrf check and other security options
 func (c *BaseController) Prepare() {
 
+	// check hostname
+	hostname := beego.AppConfig.String("ylhostname")
+	allowHosts := strings.Split(hostname, ",")
+	if hostname != "" && !utils.StringInSlice(c.Ctx.Input.Host(), allowHosts) {
+		beego.Error("Hostname not correct.")
+		c.Ctx.Output.SetStatus(403)
+		c.Data["json"] = "Forbidden"
+		c.ServeJSON()
+		return
+	}
+
 	// only https be allowed
 	HTTPSOnly, _ := beego.AppConfig.Bool("OnlyHTTPS")
 	if HTTPSOnly && c.Ctx.Input.Scheme() != "https" &&