1.4.5.2

2026-02-04 20:27:13 +08:00
commit 3b042d1dad
9410 changed files with 1488147 additions and 0 deletions
--- a/EdgeAdmin/internal/web/helpers/helper_lang.go
+++ b/EdgeAdmin/internal/web/helpers/helper_lang.go
@@ -0,0 +1,21 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package helpers
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type LangHelper struct {
+}
+
+func (this *LangHelper) Lang(actionPtr actions.ActionWrapper, messageCode langs.MessageCode, args ...any) string {
+	var langCode = configloaders.FindAdminLang(actionPtr.Object().Session().GetInt64(teaconst.SessionAdminId))
+	if len(langCode) == 0 {
+		langCode = langs.ParseLangFromAction(actionPtr)
+	}
+	return langs.Message(langCode, messageCode, args...)
+}
--- a/EdgeAdmin/internal/web/helpers/menu.go
+++ b/EdgeAdmin/internal/web/helpers/menu.go
@@ -0,0 +1,186 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+//go:build !plus
+
+package helpers
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
+	"github.com/iwind/TeaGo/maps"
+)
+
+func FindAllMenuMaps(langCode string, nodeLogsType string, countUnreadNodeLogs int64, countUnreadIPItems int64) []maps.Map {
+	return []maps.Map{
+		{
+			"code":   "dashboard",
+			"module": configloaders.AdminModuleCodeDashboard,
+			"name":   langs.Message(langCode, codes.AdminMenu_Dashboard),
+			"icon":   "dashboard",
+		},
+		{
+			"code":     "servers",
+			"module":   configloaders.AdminModuleCodeServer,
+			"name":     langs.Message(langCode, codes.AdminMenu_Servers),
+			"subtitle": "",
+			"icon":     "clone outsize",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerAccessLogs),
+					"url":  "/servers/logs",
+					"code": "log",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerCerts),
+					"url":  "/servers/certs",
+					"code": "cert",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerGroups),
+					"url":  "/servers/groups",
+					"code": "group",
+				},
+				{
+					"name": "-",
+					"url":  "",
+					"code": "",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerCachePolicies),
+					"url":  "/servers/components/cache",
+					"code": "cache",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerPurgeFetchCaches),
+					"url":  "/servers/components/cache/batch",
+					"code": "cacheBatch",
+				},
+				{
+					"name": "-",
+					"url":  "",
+					"code": "",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerWAFPolicies),
+					"url":  "/servers/components/waf",
+					"code": "waf",
+				},
+				{
+					"name":  langs.Message(langCode, codes.AdminMenu_ServerIPLists),
+					"url":   "/servers/iplists",
+					"code":  "iplist",
+					"badge": countUnreadIPItems,
+				},
+				{
+					"name": "-",
+					"url":  "",
+					"code": "",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerMetrics),
+					"url":  "/servers/metrics",
+					"code": "metric",
+				},
+			},
+		},
+		{
+			"code":     "clusters",
+			"module":   configloaders.AdminModuleCodeNode,
+			"name":     langs.Message(langCode, codes.AdminMenu_Nodes),
+			"subtitle": "",
+			"icon":     "cloud",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NodeClusters),
+					"url":  "/clusters",
+					"code": "cluster",
+				},
+				{
+					"name":  langs.Message(langCode, codes.AdminMenu_NodeLogs),
+					"url":   "/clusters/logs?type=" + nodeLogsType,
+					"code":  "log",
+					"badge": countUnreadNodeLogs,
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NodeRegions),
+					"url":  "/clusters/regions",
+					"code": "region",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NodeSSHGrants),
+					"url":  "/clusters/grants",
+					"code": "grant",
+				},
+			},
+		},
+		{
+			"code":     "dns",
+			"module":   configloaders.AdminModuleCodeDNS,
+			"name":     langs.Message(langCode, codes.AdminMenu_DNS),
+			"subtitle": "",
+			"icon":     "globe",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_DNSClusters),
+					"url":  "/dns",
+					"code": "cluster",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_DNSProviders),
+					"url":  "/dns/providers",
+					"code": "provider",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_DNSIssues),
+					"url":  "/dns/issues",
+					"code": "issue",
+				},
+			},
+		},
+		{
+			"code":   "users",
+			"module": configloaders.AdminModuleCodeUser,
+			"name":   langs.Message(langCode, codes.AdminMenu_Users),
+			"icon":   "users",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_UserList),
+					"url":  "/users",
+					"code": "users",
+				},
+			},
+		},
+		{
+			"code":     "admins",
+			"module":   configloaders.AdminModuleCodeAdmin,
+			"name":     langs.Message(langCode, codes.AdminMenu_Admins),
+			"subtitle": "",
+			"icon":     "user secret",
+		},
+		{
+			"code":   "log",
+			"module": configloaders.AdminModuleCodeLog,
+			"name":   langs.Message(langCode, codes.AdminMenu_Logs),
+			"icon":   "history",
+		},
+		{
+			"code":     "settings",
+			"module":   configloaders.AdminModuleCodeSetting,
+			"name":     langs.Message(langCode, codes.AdminMenu_Settings),
+			"subtitle": "",
+			"icon":     "setting",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_SettingBasicSettings),
+					"url":  "/settings",
+					"code": "basic",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_SettingAdvancedSettings),
+					"url":  "/settings/advanced",
+					"code": "advanced",
+				},
+			},
+		},
+	}
+}
--- a/EdgeAdmin/internal/web/helpers/menu_plus.go
+++ b/EdgeAdmin/internal/web/helpers/menu_plus.go
@@ -0,0 +1,435 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+//go:build plus
+
+package helpers
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/TeaOSLab/EdgeAdmin/internal/plus"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
+	"github.com/iwind/TeaGo/maps"
+)
+
+func FindAllMenuMaps(langCode string, nodeLogsType string, countUnreadNodeLogs int64, countUnreadIPItems int64) []maps.Map {
+	// 是否显示套餐菜单
+	priceConfig, _ := configloaders.LoadUserPriceConfig()
+	var plansMenuVisible = false
+	if priceConfig != nil && priceConfig.IsOn && priceConfig.EnablePlans {
+		plansMenuVisible = true
+	}
+
+	return []maps.Map{
+		{
+			"code":   "dashboard",
+			"module": configloaders.AdminModuleCodeDashboard,
+			"name":   langs.Message(langCode, codes.AdminMenu_Dashboard),
+			"icon":   "dashboard",
+		},
+		{
+			"code":     "servers",
+			"module":   configloaders.AdminModuleCodeServer,
+			"name":     langs.Message(langCode, codes.AdminMenu_Servers),
+			"subtitle": "",
+			"icon":     "clone outsize",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerAccessLogs),
+					"url":  "/servers/logs",
+					"code": "log",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerGroups),
+					"url":  "/servers/groups",
+					"code": "group",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerCerts),
+					"url":  "/servers/certs",
+					"code": "cert",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerTrafficStats),
+					"url":  "/servers/traffic-stats",
+					"code": "trafficStat",
+					"isOn": teaconst.IsPlus,
+				},
+				{
+					"name": "-",
+					"url":  "",
+					"code": "",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerCachePolicies),
+					"url":  "/servers/components/cache",
+					"code": "cache",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerPurgeFetchCaches),
+					"url":  "/servers/components/cache/batch",
+					"code": "cacheBatch",
+				},
+				{
+					"name": "-",
+					"url":  "",
+					"code": "",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerWAFPolicies),
+					"url":  "/servers/components/waf",
+					"code": "waf",
+				},
+				{
+					"name":  langs.Message(langCode, codes.AdminMenu_ServerIPLists),
+					"url":   "/servers/iplists",
+					"code":  "iplist",
+					"badge": countUnreadIPItems,
+				},
+				{
+					"name": "-",
+					"url":  "",
+					"code": "",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerAccessLogPolicies),
+					"url":  "/servers/accesslogs",
+					"code": "accesslog",
+					"isOn": plus.AllowComponent(plus.ComponentCodeLog),
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerMetrics),
+					"url":  "/servers/metrics",
+					"code": "metric",
+				},
+				{
+					"name": "-",
+					"url":  "",
+					"code": "",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_ServerScripts),
+					"url":  "/servers/scripts",
+					"code": "script",
+					"isOn": plus.AllowComponent(plus.ComponentCodeComputing),
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_UserScripts),
+					"url":  "/servers/user-scripts",
+					"code": "userScript",
+					"isOn": plus.AllowComponent(plus.ComponentCodeComputing),
+				},
+				{
+					"name": "-",
+					"url":  "",
+					"code": "",
+				},
+			},
+		},
+		{
+			"code":     "clusters",
+			"module":   configloaders.AdminModuleCodeNode,
+			"name":     langs.Message(langCode, codes.AdminMenu_Nodes),
+			"subtitle": "",
+			"icon":     "cloud",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NodeClusters),
+					"url":  "/clusters",
+					"code": "cluster",
+				},
+				{
+					"name":  langs.Message(langCode, codes.AdminMenu_NodeLogs),
+					"url":   "/clusters/logs?type=" + nodeLogsType,
+					"code":  "log",
+					"badge": countUnreadNodeLogs,
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NodeIPList),
+					"url":  "/clusters/ip-addrs",
+					"code": "ipAddr",
+					"isOn": plus.AllowComponent(plus.ComponentCodeScheduling),
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NodeRegions),
+					"url":  "/clusters/regions",
+					"code": "region",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NodeSSHGrants),
+					"url":  "/clusters/grants",
+					"code": "grant",
+				},
+				{
+					"name": "-",
+					"isOn": plus.AllowComponent(plus.ComponentCodeAntiDDoS),
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NodeDistributedMonitors),
+					"url":  "/clusters/monitors",
+					"code": "monitor",
+					"isOn": plus.AllowComponent(plus.ComponentCodeReporter),
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NodeAntiDDoSProducts),
+					"url":  "/clusters/anti-ddos",
+					"code": "antiDDoS",
+					"isOn": plus.AllowComponent(plus.ComponentCodeAntiDDoS),
+				},
+			},
+		},
+		{
+			"code":     "dns",
+			"module":   configloaders.AdminModuleCodeDNS,
+			"name":     langs.Message(langCode, codes.AdminMenu_DNS),
+			"subtitle": "",
+			"icon":     "globe",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_DNSClusters),
+					"url":  "/dns",
+					"code": "cluster",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_DNSProviders),
+					"url":  "/dns/providers",
+					"code": "provider",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_DNSIssues),
+					"url":  "/dns/issues",
+					"code": "issue",
+				},
+			},
+		},
+		{
+			"code":   "ns",
+			"module": configloaders.AdminModuleCodeNS,
+			"name":   langs.Message(langCode, codes.AdminMenu_NS),
+			"icon":   "cubes",
+			"isOn":   plus.AllowComponent(plus.ComponentCodeNS),
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSDomains),
+					"url":  "/ns/domains",
+					"code": "domain",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSDomainGroups),
+					"url":  "/ns/domains/groups",
+					"code": "domainGroup",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSDomainBatchOperations),
+					"url":  "/ns/domains/batch",
+					"code": "domainBatch",
+				},
+				{
+					"name": "-",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSClusters),
+					"url":  "/ns/clusters",
+					"code": "cluster",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSRoutes),
+					"url":  "/ns/routes",
+					"code": "route",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSSettings),
+					"url":  "/ns/settings",
+					"code": "setting",
+				},
+				{
+					"name": "-",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSUserPlans),
+					"url":  "/ns/userPlans",
+					"code": "userPlan",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSPlans),
+					"url":  "/ns/plans",
+					"code": "plan",
+				},
+				{
+					"name": "-",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSAccessLogs),
+					"url":  "/ns/clusters/accessLogs",
+					"code": "accessLog",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSNodeLogs),
+					"url":  "/ns/clusters/logs",
+					"code": "log",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_NSResolveTest),
+					"url":  "/ns/test",
+					"code": "test",
+				},
+			},
+		},
+		{
+			"code":   "users",
+			"module": configloaders.AdminModuleCodeUser,
+			"name":   langs.Message(langCode, codes.AdminMenu_Users),
+			"icon":   "users",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_UserList),
+					"url":  "/users",
+					"code": "users",
+					"isOn": teaconst.IsPlus,
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_UserSettings),
+					"url":  "/users/setting",
+					"code": "setting",
+					"isOn": teaconst.IsPlus,
+				},
+			},
+		},
+		{
+			"code":   "finance",
+			"module": configloaders.AdminModuleCodeFinance,
+			"name":   langs.Message(langCode, codes.AdminMenu_Finance),
+			"icon":   "yen sign",
+			"isOn":   plus.AllowComponent(plus.ComponentCodeFinance),
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_FinanceBills),
+					"url":  "/finance/bills",
+					"code": "bills",
+					"isOn": teaconst.IsPlus,
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_FinanceAccounts),
+					"url":  "/finance/accounts",
+					"code": "accounts",
+					"isOn": teaconst.IsPlus,
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_FinanceLogs),
+					"url":  "/finance/logs",
+					"code": "logs",
+					"isOn": teaconst.IsPlus,
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_FinanceOrders),
+					"url":  "/finance/orders",
+					"code": "orders",
+					"isOn": teaconst.IsPlus,
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_FinanceIncome),
+					"url":  "/finance/income",
+					"code": "income",
+					"isOn": teaconst.IsPlus,
+				},
+				{
+					"name": "-",
+					"isOn": teaconst.IsPlus,
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_FinanceFee),
+					"url":  "/finance/fee",
+					"code": "fee",
+					"isOn": teaconst.IsPlus,
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_FinancePackages),
+					"url":  "/finance/packages",
+					"code": "package",
+					"isOn": teaconst.IsPlus,
+				},
+			},
+		},
+		{
+			"code":   "plans",
+			"module": configloaders.AdminModuleCodePlan,
+			"name":   langs.Message(langCode, codes.AdminMenu_Plans),
+			"icon":   "puzzle piece",
+			"isOn":   plus.AllowComponent(plus.ComponentCodePlan) && plansMenuVisible,
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_PlanList),
+					"url":  "/plans",
+					"code": "plans",
+					"isOn": teaconst.IsPlus,
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_PlanUserPlans),
+					"url":  "/plans/userPlans",
+					"code": "userPlans",
+					"isOn": teaconst.IsPlus,
+				},
+			},
+		},
+		{
+			"code":   "tickets",
+			"module": configloaders.AdminModuleCodeTicket,
+			"name":   langs.Message(langCode, codes.AdminMenu_Tickets),
+			"icon":   "ticket",
+			"isOn":   plus.AllowComponent(plus.ComponentCodeTicket),
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_TicketCategory),
+					"url":  "/tickets/categories",
+					"code": "categories",
+					"isOn": teaconst.IsPlus,
+				},
+			},
+		},
+		{
+			"code":     "admins",
+			"module":   configloaders.AdminModuleCodeAdmin,
+			"name":     langs.Message(langCode, codes.AdminMenu_Admins),
+			"subtitle": "",
+			"icon":     "user secret",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_AdminRecipients),
+					"url":  "/admins/recipients",
+					"code": "recipients",
+					"isOn": plus.AllowComponent(plus.ComponentCodeMonitor),
+				},
+			},
+		},
+		{
+			"code":   "log",
+			"module": configloaders.AdminModuleCodeLog,
+			"name":   langs.Message(langCode, codes.AdminMenu_Logs),
+			"icon":   "history",
+		},
+		{
+			"code":     "settings",
+			"module":   configloaders.AdminModuleCodeSetting,
+			"name":     langs.Message(langCode, codes.AdminMenu_Settings),
+			"subtitle": "",
+			"icon":     "setting",
+			"subItems": []maps.Map{
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_SettingBasicSettings),
+					"url":  "/settings",
+					"code": "basic",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_SettingAdvancedSettings),
+					"url":  "/settings/advanced",
+					"code": "advanced",
+				},
+				{
+					"name": langs.Message(langCode, codes.AdminMenu_SettingAuthority),
+					"url":  "/settings/authority",
+					"code": "authority",
+				},
+			},
+		},
+	}
+}
--- a/EdgeAdmin/internal/web/helpers/user_must_auth.go
+++ b/EdgeAdmin/internal/web/helpers/user_must_auth.go
@@ -0,0 +1,396 @@
+package helpers
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/TeaOSLab/EdgeAdmin/internal/events"
+	"github.com/TeaOSLab/EdgeAdmin/internal/goman"
+	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
+	"github.com/TeaOSLab/EdgeAdmin/internal/setup"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/configs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/userconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/logs"
+	"github.com/iwind/TeaGo/maps"
+	"net/http"
+	"net/url"
+	"reflect"
+	"strings"
+)
+
+var nodeLogsCountChanges = make(chan bool, 1)
+var ipItemsCountChanges = make(chan bool, 1)
+
+func NotifyNodeLogsCountChange() {
+	select {
+	case nodeLogsCountChanges <- true:
+	default:
+
+	}
+}
+
+func NotifyIPItemsCountChanges() {
+	select {
+	case ipItemsCountChanges <- true:
+	default:
+
+	}
+}
+
+// 运行日志
+var countUnreadNodeLogs int64 = 0
+var nodeLogsType = ""
+
+// IP名单
+var countUnreadIPItems int64 = 0
+
+// 安全相关
+var securityXFFPromptDisabled = false
+
+func init() {
+	events.On(events.EventStart, func() {
+		// 节点日志数量
+		goman.New(func() {
+			for range nodeLogsCountChanges {
+				rpcClient, err := rpc.SharedRPC()
+				if err != nil {
+					continue
+				}
+
+				countNodeLogsResp, err := rpcClient.NodeLogRPC().CountNodeLogs(rpcClient.Context(0), &pb.CountNodeLogsRequest{
+					Role:     nodeconfigs.NodeRoleNode,
+					IsUnread: true,
+				})
+				if err != nil {
+					logs.Error(err)
+				} else {
+					countUnreadNodeLogs = countNodeLogsResp.Count
+					if countUnreadNodeLogs > 0 {
+						if countUnreadNodeLogs >= 100 {
+							countUnreadNodeLogs = 99
+						}
+						nodeLogsType = "unread"
+					}
+				}
+			}
+		})
+
+		// 服务数量
+		goman.New(func() {
+			for range ipItemsCountChanges {
+				rpcClient, err := rpc.SharedRPC()
+				if err != nil {
+					continue
+				}
+
+				countUnreadIPItemsResp, err := rpcClient.IPItemRPC().CountAllEnabledIPItems(rpcClient.Context(0), &pb.CountAllEnabledIPItemsRequest{Unread: true})
+				if err != nil {
+					logs.Error(err)
+				} else {
+					countUnreadIPItems = countUnreadIPItemsResp.Count
+				}
+			}
+		})
+	})
+}
+
+// 认证拦截
+type userMustAuth struct {
+	AdminId int64
+	module  string
+}
+
+func NewUserMustAuth(module string) *userMustAuth {
+	return &userMustAuth{module: module}
+}
+
+func (this *userMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramName string) (goNext bool) {
+	var action = actionPtr.Object()
+
+	// 检查请求是否合法
+	if isEvilRequest(action.Request) {
+		action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		return false
+	}
+
+	// 检测注入
+	if !safeFilterRequest(action.Request) {
+		action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		_, _ = action.ResponseWriter.Write([]byte("Denied By WAF"))
+		return false
+	}
+
+	// 恢复模式
+	if teaconst.IsRecoverMode {
+		action.RedirectURL("/recover")
+		return false
+	}
+
+	// DEMO模式
+	if teaconst.IsDemoMode {
+		if action.Request.Method == http.MethodPost {
+			var actionName = action.Spec.ClassName[strings.LastIndex(action.Spec.ClassName, ".")+1:]
+			var denyPrefixes = []string{"Update", "Create", "Delete", "Truncate", "Clean", "Clear", "Reset", "Add", "Remove", "Sync", "Run", "Exec"}
+			for _, prefix := range denyPrefixes {
+				if strings.HasPrefix(actionName, prefix) {
+					action.Fail(teaconst.ErrorDemoOperation)
+					return false
+				}
+			}
+
+			if strings.Index(action.Spec.PkgPath, "settings") > 0 || strings.Index(action.Spec.PkgPath, "delete") > 0 || strings.Index(action.Spec.PkgPath, "update") > 0 {
+				action.Fail(teaconst.ErrorDemoOperation)
+				return false
+			}
+		}
+	}
+
+	// 安全相关
+	securityConfig, _ := configloaders.LoadSecurityConfig()
+	if securityConfig == nil {
+		action.AddHeader("X-Frame-Options", "SAMEORIGIN")
+	} else if len(securityConfig.Frame) > 0 {
+		action.AddHeader("X-Frame-Options", securityConfig.Frame)
+	}
+	action.AddHeader("Content-Security-Policy", "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'")
+
+	// 检查IP
+	if !checkIP(securityConfig, loginutils.RemoteIP(action)) {
+		action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		return false
+	}
+
+	// 检查请求
+	if !checkRequestSecurity(securityConfig, action.Request) {
+		action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		return false
+	}
+
+	// 检查系统是否已经配置过
+	if !setup.IsConfigured() {
+		action.RedirectURL("/setup")
+		return
+	}
+
+	var session = action.Session()
+	var adminId = session.GetInt64(teaconst.SessionAdminId)
+
+	if adminId <= 0 {
+		var errString = session.GetString("@error")
+		if len(errString) > 0 {
+			action.WriteString("read session failed: " + errString)
+			return false
+		}
+		this.login(action)
+		return false
+	}
+
+	// 检查指纹
+	if securityConfig != nil && securityConfig.CheckClientFingerprint {
+		var clientFingerprint = session.GetString("@fingerprint")
+		if len(clientFingerprint) > 0 && clientFingerprint != loginutils.CalculateClientFingerprint(action) {
+			loginutils.UnsetCookie(action)
+			session.Delete()
+
+			this.login(action)
+			return false
+		}
+	}
+
+	// 检查区域
+	var oldClientIP = session.GetString("@ip")
+	var currentClientIP = loginutils.RemoteIP(action)
+	if len(oldClientIP) > 0 && len(currentClientIP) > 0 && oldClientIP != currentClientIP {
+		var oldRegion = loginutils.LookupIPRegion(oldClientIP)
+		var newRegion = loginutils.LookupIPRegion(currentClientIP)
+		if newRegion != oldRegion {
+			if securityConfig != nil && securityConfig.CheckClientRegion {
+				loginutils.UnsetCookie(action)
+				session.Delete()
+
+				this.login(action)
+				return false
+			} else {
+				if !lists.ContainsString([]string{"/messages/badge", "/dns/tasks/check", "/clusters/tasks/check"}, action.Request.URL.Path) {
+					// TODO 考虑IP变化时也需要验证，主要是考虑被反向代理的情形
+					action.RedirectURL("/login/validate?from=" + url.QueryEscape(action.Request.URL.String()))
+					return false
+				}
+			}
+		}
+	}
+
+	// 是否正在使用反向代理模式
+	if action.Request.Method == http.MethodGet {
+		action.Data["teaXFFPrompt"] = false
+		if !securityXFFPromptDisabled &&
+			(len(action.Header("X-Forwarded-For")) > 0 || len(action.Header("X-Real-Ip")) > 0 || len(action.Header("Cf-Connecting-Ip")) > 0) &&
+			securityConfig != nil &&
+			len(securityConfig.ClientIPHeaderNames) == 0 {
+			action.Data["teaXFFPrompt"] = true
+		}
+	}
+
+	// 检查用户是否存在
+	if !configloaders.CheckAdmin(adminId) {
+		loginutils.UnsetCookie(action)
+		session.Delete()
+
+		this.login(action)
+		return false
+	}
+
+	// 检查用户权限
+	if len(this.module) > 0 && !configloaders.AllowModule(adminId, this.module) {
+		action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		action.WriteString("Permission Denied.")
+		return false
+	}
+
+	this.AdminId = adminId
+	action.Context.Set("adminId", this.AdminId)
+
+	if action.Request.Method != http.MethodGet {
+		return true
+	}
+
+	uiConfig, err := configloaders.LoadAdminUIConfig()
+	if err != nil {
+		action.WriteString(err.Error())
+		return false
+	}
+
+	// 初始化内置方法
+	action.ViewFunc("teaTitle", func() string {
+		return action.Data["teaTitle"].(string)
+	})
+
+	// 注册 jsonEncode 函数
+	action.ViewFunc("jsonEncode", func(v interface{}) string {
+		if v == nil {
+			return "null"
+		}
+		data, err := json.Marshal(v)
+		if err != nil {
+			return ""
+		}
+		return string(data)
+	})
+
+	action.Data["teaShowVersion"] = uiConfig.ShowVersion
+	action.Data["teaTitle"] = uiConfig.AdminSystemName
+	action.Data["teaName"] = uiConfig.ProductName
+	action.Data["teaFaviconFileId"] = uiConfig.FaviconFileId
+	action.Data["teaLogoFileId"] = uiConfig.LogoFileId
+	action.Data["teaUsername"] = configloaders.FindAdminFullname(adminId)
+	action.Data["teaTheme"] = configloaders.FindAdminTheme(adminId)
+
+	action.Data["teaUserAvatar"] = ""
+
+	if !action.Data.Has("teaMenu") {
+		action.Data["teaMenu"] = ""
+	}
+
+	// 语言
+	// Language
+	var lang = configloaders.FindAdminLang(adminId)
+	if len(lang) == 0 {
+		// 默认使用中文
+		lang = "zh-cn"
+	}
+	action.Data["teaLang"] = lang
+
+	action.Data["teaModules"] = this.modules(lang, actionPtr, adminId, uiConfig)
+	action.Data["teaSubMenus"] = []map[string]interface{}{}
+	action.Data["teaTabbar"] = []map[string]interface{}{}
+
+	// 注入品牌配置
+	brandConfig := configs.GetBrandConfig()
+	action.Data["brandConfig"] = brandConfig.ToMap()
+	if len(uiConfig.Version) == 0 {
+		action.Data["teaVersion"] = teaconst.Version
+	} else {
+		action.Data["teaVersion"] = uiConfig.Version
+	}
+	action.Data["teaShowOpenSourceInfo"] = uiConfig.ShowOpenSourceInfo
+	action.Data["teaIsSuper"] = false
+	action.Data["teaIsPlus"] = teaconst.IsPlus
+	action.Data["teaDemoEnabled"] = teaconst.IsDemoMode
+	action.Data["teaShowFinance"] = configloaders.ShowFinance()
+	if !action.Data.Has("teaSubMenu") {
+		action.Data["teaSubMenu"] = ""
+	}
+	action.Data["teaCheckNodeTasks"] = configloaders.AllowModule(adminId, configloaders.AdminModuleCodeNode)
+	action.Data["teaCheckDNSTasks"] = configloaders.AllowModule(adminId, configloaders.AdminModuleCodeDNS)
+
+	// 菜单
+	action.Data["firstMenuItem"] = ""
+
+	// 未读消息数
+	action.Data["teaBadge"] = 0
+
+	// 调用Init
+	initMethod := reflect.ValueOf(actionPtr).MethodByName("Init")
+	if initMethod.IsValid() {
+		initMethod.Call([]reflect.Value{})
+	}
+
+	return true
+}
+
+// 菜单配置
+func (this *userMustAuth) modules(langCode string, actionPtr actions.ActionWrapper, adminId int64, adminUIConfig *systemconfigs.AdminUIConfig) []maps.Map {
+	// 父级动作
+	var action = actionPtr.Object()
+
+	// 未读日志数
+	var mainMenu = action.Data.GetString("teaMenu")
+	if mainMenu == "clusters" {
+		select {
+		case nodeLogsCountChanges <- true:
+		default:
+		}
+	} else if mainMenu == "servers" {
+		select {
+		case ipItemsCountChanges <- true:
+		default:
+		}
+	}
+
+	var result = []maps.Map{}
+	for _, m := range FindAllMenuMaps(langCode, nodeLogsType, countUnreadNodeLogs, countUnreadIPItems) {
+		if m.GetString("code") == "finance" && !configloaders.ShowFinance() {
+			continue
+		}
+
+		var module = m.GetString("module")
+		if configloaders.AllowModule(adminId, module) {
+			if module == "ns" && !adminUIConfig.ContainsModule(userconfigs.UserModuleNS) {
+				continue
+			}
+			if lists.ContainsString([]string{
+				configloaders.AdminModuleCodeNode,
+				configloaders.AdminModuleCodeDNS,
+				configloaders.AdminModuleCodePlan,
+				configloaders.AdminModuleCodeServer,
+				configloaders.AdminModuleCodeDashboard,
+			}, module) && !adminUIConfig.ContainsModule(userconfigs.UserModuleCDN) {
+				continue
+			}
+
+			result = append(result, m)
+		}
+	}
+	return result
+}
+
+// 跳转到登录页
+func (this *userMustAuth) login(action *actions.ActionObject) {
+	action.RedirectURL("/?from=" + url.QueryEscape(action.Request.RequestURI))
+}
--- a/EdgeAdmin/internal/web/helpers/user_should_auth.go
+++ b/EdgeAdmin/internal/web/helpers/user_should_auth.go
@@ -0,0 +1,83 @@
+package helpers
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
+	"github.com/iwind/TeaGo/actions"
+	"net/http"
+)
+
+type UserShouldAuth struct {
+	action *actions.ActionObject
+}
+
+func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramName string) (goNext bool) {
+	if teaconst.IsRecoverMode {
+		actionPtr.Object().RedirectURL("/recover")
+		return false
+	}
+
+	this.action = actionPtr.Object()
+
+	// 检查请求是否合法
+	if isEvilRequest(this.action.Request) {
+		this.action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		return false
+	}
+
+	// 检测注入
+	if !safeFilterRequest(this.action.Request) {
+		this.action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		_, _ = this.action.ResponseWriter.Write([]byte("Denied By WAF"))
+		return false
+	}
+
+	// 安全相关
+	var action = this.action
+	securityConfig, _ := configloaders.LoadSecurityConfig()
+	if securityConfig == nil {
+		action.AddHeader("X-Frame-Options", "SAMEORIGIN")
+	} else if len(securityConfig.Frame) > 0 {
+		action.AddHeader("X-Frame-Options", securityConfig.Frame)
+	}
+	action.AddHeader("Content-Security-Policy", "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'")
+
+	// 检查IP
+	if !checkIP(securityConfig, loginutils.RemoteIP(action)) {
+		action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		return false
+	}
+
+	// 检查请求
+	if !checkRequestSecurity(securityConfig, action.Request) {
+		action.ResponseWriter.WriteHeader(http.StatusForbidden)
+		return false
+	}
+
+	return true
+}
+
+// StoreAdmin 存储用户名到SESSION
+func (this *UserShouldAuth) StoreAdmin(adminId int64, remember bool, localSid string) {
+	loginutils.SetCookie(this.action, remember)
+	var session = this.action.Session()
+	session.Write("adminId", numberutils.FormatInt64(adminId))
+	session.Write("@fingerprint", loginutils.CalculateClientFingerprint(this.action))
+	session.Write("@ip", loginutils.RemoteIP(this.action))
+	session.Write("@localSid", localSid)
+}
+
+func (this *UserShouldAuth) IsUser() bool {
+	return this.action.Session().GetInt("adminId") > 0
+}
+
+func (this *UserShouldAuth) AdminId() int {
+	return this.action.Session().GetInt("adminId")
+}
+
+func (this *UserShouldAuth) Logout() {
+	loginutils.UnsetCookie(this.action)
+	this.action.Session().Delete()
+}
--- a/EdgeAdmin/internal/web/helpers/utils.go
+++ b/EdgeAdmin/internal/web/helpers/utils.go
@@ -0,0 +1,170 @@
+package helpers
+
+import (
+	"bytes"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/events"
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/regionconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/logs"
+	"net"
+	"net/http"
+	"net/url"
+	"regexp"
+	"sync"
+)
+
+var ipCacheMap = map[string]bool{} // ip => bool
+var ipCacheLocker = sync.Mutex{}
+
+func init() {
+	events.On(events.EventSecurityConfigChanged, func() {
+		ipCacheLocker.Lock()
+		ipCacheMap = map[string]bool{}
+		ipCacheLocker.Unlock()
+	})
+}
+
+// DisableXFFPrompt 停用XFF提示
+func DisableXFFPrompt() {
+	securityXFFPromptDisabled = true
+}
+
+// 检查用户IP并支持缓存
+func checkIP(config *systemconfigs.SecurityConfig, ipAddr string) bool {
+	ipCacheLocker.Lock()
+	ipCache, ok := ipCacheMap[ipAddr]
+	if ok && ipCache {
+		ipCacheLocker.Unlock()
+		return ipCache
+	}
+	ipCacheLocker.Unlock()
+
+	result := checkIPWithoutCache(config, ipAddr)
+	ipCacheLocker.Lock()
+
+	// 缓存的内容不能过多
+	if len(ipCacheMap) > 100_000 {
+		ipCacheMap = map[string]bool{}
+	}
+
+	ipCacheMap[ipAddr] = result
+	ipCacheLocker.Unlock()
+	return result
+}
+
+// 检查用户IP
+func checkIPWithoutCache(config *systemconfigs.SecurityConfig, ipAddr string) bool {
+	if config == nil {
+		return true
+	}
+
+	// 本地IP
+	ipObj := net.ParseIP(ipAddr)
+	if ipObj == nil {
+		logs.Println("[USER_MUST_AUTH]parse ip: invalid client address: " + ipAddr)
+		return false
+	}
+	ip := ipObj.To4()
+	if ip == nil {
+		// IPv6
+		ip = ipObj.To16()
+		if ip == nil {
+			logs.Println("[USER_MUST_AUTH]invalid client address: " + ipAddr)
+			return false
+		}
+	}
+	if config.AllowLocal && utils.IsLocalIP(ip) {
+		return true
+	}
+
+	// 检查位置
+	if len(config.AllowCountryIds) > 0 || len(config.AllowProvinceIds) > 0 {
+		var userRegion = iplibrary.Lookup(ip)
+		if userRegion == nil || !userRegion.IsOk() {
+			return false
+		}
+		if len(config.AllowCountryIds) > 0 {
+			// 检查大中华区
+			var found = false
+			for _, countryId := range config.AllowCountryIds {
+				if regionconfigs.MatchUserRegion(userRegion.CountryId(), userRegion.ProvinceId(), countryId) {
+					found = true
+					break
+				}
+			}
+
+			if !found {
+				return false
+			}
+		}
+		if len(config.AllowProvinceIds) > 0 && !lists.ContainsInt64(config.AllowProvinceIds, userRegion.ProvinceId()) {
+			return false
+		}
+	}
+
+	// 检查单独允许的IP
+	if len(config.AllowIPRanges()) > 0 {
+		for _, r := range config.AllowIPRanges() {
+			if r.Contains(ipAddr) {
+				return true
+			}
+		}
+		return false
+	}
+
+	return true
+}
+
+// 请求检查相关正则
+var searchEngineRegex = regexp.MustCompile(`(?i)(60spider|adldxbot|adsbot-google|applebot|admantx|alexa|baidu|bingbot|bingpreview|facebookexternalhit|googlebot|proximic|slurp|sogou|twitterbot|yandex)`)
+var spiderRegexp = regexp.MustCompile(`(?i)(python|pycurl|http-client|httpclient|apachebench|nethttp|http_request|java|perl|ruby|scrapy|php|rust|curl|wget)`) // 其中增加了curl和wget
+
+// 检查请求
+func checkRequestSecurity(securityConfig *systemconfigs.SecurityConfig, req *http.Request) bool {
+	if securityConfig == nil {
+		return true
+	}
+
+	var userAgent = req.UserAgent()
+	var refererURL = req.Referer()
+	var referHost = ""
+	u, err := url.Parse(refererURL)
+	if err == nil {
+		referHost = u.Host
+	}
+
+	// 检查搜索引擎
+	if securityConfig.DenySearchEngines && (len(userAgent) == 0 || searchEngineRegex.MatchString(userAgent) || (len(referHost) > 0 && searchEngineRegex.MatchString(referHost))) {
+		return false
+	}
+
+	// 检查爬虫
+	if securityConfig.DenySpiders && (len(userAgent) == 0 || spiderRegexp.MatchString(userAgent) || (len(referHost) > 0 && spiderRegexp.MatchString(referHost))) {
+		return false
+	}
+
+	// 检查允许访问的域名
+	if len(securityConfig.AllowDomains) > 0 {
+		var domain = req.Host
+		realDomain, _, err := net.SplitHostPort(domain)
+		if err == nil && len(realDomain) > 0 {
+			domain = realDomain
+		}
+		if !configutils.MatchDomains(securityConfig.AllowDomains, domain) {
+			return false
+		}
+	}
+
+	return true
+}
+
+// 检查是否为禁止的请求
+func isEvilRequest(req *http.Request) bool {
+	var headersJSON, _ = json.Marshal(req.Header)
+	return bytes.Contains(headersJSON, []byte("fofa."))
+}
--- a/EdgeAdmin/internal/web/helpers/utils_gcc.go
+++ b/EdgeAdmin/internal/web/helpers/utils_gcc.go
@@ -0,0 +1,14 @@
+// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build gcc
+
+package helpers
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/waf/injectionutils"
+	"net/http"
+)
+
+// filter request
+func safeFilterRequest(req *http.Request) bool {
+	return !injectionutils.DetectXSS(req.RequestURI, false) && !injectionutils.DetectSQLInjection(req.RequestURI, false)
+}
--- a/EdgeAdmin/internal/web/helpers/utils_none_gcc.go
+++ b/EdgeAdmin/internal/web/helpers/utils_none_gcc.go
@@ -0,0 +1,13 @@
+// Copyright 2024 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !gcc
+
+package helpers
+
+import (
+	"net/http"
+)
+
+// filter request
+func safeFilterRequest(req *http.Request) bool {
+	return true
+}