fix: delete HmacSignAuthMiddleware

This commit is contained in:
Bai
2026-05-12 17:35:17 +08:00
parent c10208bac6
commit af53bda90f
2 changed files with 0 additions and 68 deletions


@@ -203,70 +203,3 @@ class CsrfCheckMiddleware(CsrfViewMiddleware):
request._dont_enforce_csrf_checks = True
return True
return super()._origin_verified(request)
class HmacSignAuthMiddleware:
"""
在响应中写入客户端可读会话状态 Cookiejms_session_sign
供边缘代理、网关或安全设备(含 WAF基于 Cookie 做访问策略,不特指某一种产品。
取值约定(均为非空,便于写规则):
- 已登录:<hex_hmac>:<username>|<session_id>HMAC 与 text_hmac_sha256 一致(消息会先 strip/lower
- 有会话 Cookie 但未认证expired含会话过期、登出后会话仍存在、或仅匿名会话等
- 请求未带会话 Cookieunauth首次访问等
"""
SIGN_COOKIE_NAME = 'jms_session_sign'
MARKER_UNAUTH = 'unauth'
MARKER_EXPIRED = 'expired'
def __init__(self, get_response):
self.get_response = get_response
enabled = os.getenv("HMAC_SIGN_AUTH_ENABLED", "").lower() in ("1", "true", "yes")
key_file_path = os.path.join(settings.PROJECT_DIR, "data", "unshare", "hmac.key")
if os.path.isfile(key_file_path):
with open(key_file_path, 'r') as f:
self.hmac_sign_key = f.read().strip()
else:
self.hmac_sign_key = os.getenv("HMAC_SIGN_KEY", "")
if not enabled or not self.hmac_sign_key:
raise MiddlewareNotUsed
def __call__(self, request):
response = self.get_response(request)
return self._set_session_sign_cookie(request, response)
def _set_session_sign_cookie(self, request, response):
session_cookie_name = settings.SESSION_COOKIE_NAME
has_session_cookie = bool(request.COOKIES.get(session_cookie_name))
if request.user.is_authenticated:
session_id = request.session.session_key
# request.user 可能为 IntegrationApplication对象
username = getattr(request.user, 'username', None) or getattr(request.user, 'name', None)
sign_data = f'{username}|{session_id}'
elif request.path == '/api/v1/authentication/tokens/' \
and response.status_code == 201:
user = response.data.get('user')
if not user:
sign_data = ''
else:
sign_data = f'{user["username"]}:{user["id"]}'
else:
sign_data = ''
if sign_data:
signature = text_hmac_sha256(sign_data, self.hmac_sign_key)
value = f'{signature}:{sign_data}'
elif has_session_cookie:
value = self.MARKER_EXPIRED
else:
value = self.MARKER_UNAUTH
response.set_cookie(
self.SIGN_COOKIE_NAME,
value,
)
return response


@@ -190,7 +190,6 @@ MIDDLEWARE = [
'authentication.middleware.MFAMiddleware',
'authentication.middleware.ThirdPartyLoginMiddleware',
'authentication.middleware.SessionCookieMiddleware',
'jumpserver.middleware.HmacSignAuthMiddleware',
'simple_history.middleware.HistoryRequestMiddleware',
'jumpserver.middleware.SafeRedirectMiddleware',
*POST_CUSTOM_MIDDLEWARES,