feat: 安全移除IP白名单环境变量

2026-05-07 05:47:24 +08:00 · 2026-03-15 21:30:49 +08:00
parent fd291a2250
commit fc38627b43
4 changed files with 1 additions and 11 deletions
--- a/README.md
+++ b/README.md
@@ -114,7 +114,7 @@ docker run -d \
 | `SSL_CERT_PATH` | HTTPS证书文件路径 | - | 当 `ENABLE_HTTPS=2` 时必须配置 |
 | `SSL_KEY_PATH` | HTTPS私钥文件路径 | - | 当 `ENABLE_HTTPS=2` 时必须配置 |

-注意: **docker默认不启用ipv6，请自行配置或者使用支持ipv6的跳板机中转.**
+注意: **docker默认不启用ipv6，请参考Q&A配置或者使用支持ipv6的跳板机中转.**

 ## 监控服务安装

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,7 +13,6 @@ services:
      - DEBUG=1
      - GUACD_HOST=easynode-guacd
      - GUACD_PORT=4822
-      - allowedIPs=127.0.0.1,192.168,255.
      - HTTP_PORT=8082
      - RDP_PORT=8083
      - ENABLE_HTTPS=0
--- a/server/.env.template
+++ b/server/.env.template
@@ -1,9 +1,6 @@
 # 启动debug日志 0：关闭 1：开启
 DEBUG=1

-# 访问IP限制
-allowedIPs=127.0.0.1,192.168,255.
-
 # http端口
 HTTP_PORT=8082

--- a/server/app/db.js
+++ b/server/app/db.js
@@ -16,12 +16,6 @@ async function initKeyDB() {
    }

    const { _id, ipWhiteList = [] } = keyData
-    let allowedIPs = process.env.ALLOWED_IPS ? process.env.ALLOWED_IPS.split(',') : []
-    if (allowedIPs.length > 0) {
-      logger.info('[存在白名单IP环境变量,合并到本地数据库中]')
-      allowedIPs = [...new Set([...ipWhiteList, ...allowedIPs])].filter(item => item)
-      await keyDB.updateAsync({ _id }, { $set: { ipWhiteList: allowedIPs } })
-    }
    try {
      let { ipWhiteList = [] } = await keyDB.findOneAsync({})
      if (ipWhiteList.length > 0) global.ALLOWED_IPS = ipWhiteList