

优化注销逻辑,避免可能的CSRF攻击
zmister committed Mar 30, 2022
1 parent a5acaf8 commit ae68b59
Showing 6 changed files with 100 additions and 10 deletions.
7 changes: 4 additions & 3 deletions app_admin/views.py
Expand Up @@ -192,20 +192,21 @@ def register(request):


# 注销
@require_POST
def log_out(request):
try:
logout(request)
project_viewcode_list = []
for c in list(request.COOKIES.keys()):
if c.startswith('viewcode-'):
project_viewcode_list.append(c)
resp = redirect(request.META['HTTP_REFERER'])
resp = request.META['HTTP_REFERER']
for c in project_viewcode_list:
resp.delete_cookie(c)
return resp
return JsonResponse({'status': True, 'data': resp})
except Exception as e:
logger.exception(_("注销异常"))
return redirect(request.META['HTTP_REFERER'])
return JsonResponse({'status':False})


# 忘记密码
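Review bot: If the surviving line is `resp = request.META['HTTP_REFERER']` (the printed order and the 4 additions / 3 deletions suggest so), `resp` is now a plain string, so the unchanged `resp.delete_cookie(c)` loop raises AttributeError whenever a `viewcode-` cookie is present, and the broad `except` then returns `{'status': False}` even though `logout(request)` has already run. The same path raises KeyError when the browser sends no Referer (direct request, strict referrer policy), again reporting 注销失败 to a user who is in fact logged out. Build the JsonResponse first, delete the cookies on it, and read the referer with a default; since every caller navigates to the returned `data`, it is also worth passing it through Django's `url_has_allowed_host_and_scheme` before echoing it, although the Referer is browser-set so the exposure is limited. The rewrite below keeps the view's interface and the existing except branch.
```python
@require_POST
def log_out(request):
    try:
        logout(request)
        next_url = request.META.get('HTTP_REFERER', '/')
        # … unchanged: collect the 'viewcode-' cookie names into project_viewcode_list …
        resp = JsonResponse({'status': True, 'data': next_url})
        for c in project_viewcode_list:
            resp.delete_cookie(c)
        return resp
    # … unchanged: except branch that logs and returns {'status': False} …
```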
22 changes: 21 additions & 1 deletion template/app_admin/admin_center.html
Expand Up @@ -42,7 +42,7 @@
<dd><a href="{% url 'user_center' %}">个人中心</a></dd>
{% endif %}
<dd><a href="{% url 'pro_list' %}">返回首页</a></dd>
<dd><a href="{% url 'logout' %}">退出登录</a></dd>
<dd><a href="javascript:void(0)" title="退出登录" onclick="Logout()">退出登录</a></dd>
</dl>
</li>
<!-- 主 题 配 置 -->
Expand Down Expand Up @@ -168,5 +168,25 @@
admin.render(pear_admin_config);
})
</script>
<script>
var $ = layui.jquery;
function Logout(){
$.ajax({
url:"{% url 'logout' %}",
method:'post',
headers: {"X-CSRFToken":'{{ csrf_token }}'},
success:function(r){
if(r.status){
window.location.href = '/'
}else{
layer.msg("注销失败")
}
},
error:function(){
layer.msg("注销失败")
}
})
}
</script>
</body>
</html>
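Review bot: The success handler hardcodes `window.location.href = '/'` and ignores the `data` field the view now returns, while the copies of `Logout()` added to head_base.html, search_result.html and search/search.html navigate to `r.data`; user_center.html has the same hardcoded `'/'`. Either convention is defensible (`'/'` avoids depending on the Referer at all), but the four copies should agree, and one shared script include would remove the duplication. Binding `var $ = layui.jquery;` at global scope inside the page also assumes no other script on the page has already defined `$`; a local alias inside `Logout()` avoids that.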
22 changes: 20 additions & 2 deletions template/app_doc/head_base.html
Expand Up @@ -94,7 +94,7 @@
</a>
</dd>
<dd>
<a href="{% url 'logout' %}" title="退出登录">
<a href="javascript:void(0)" title="退出登录" onclick="Logout()">
<i class="layui-icon layui-icon-logout layui-hide-md"></i>
<span class="layui-hide-xs">{% trans "退出登录" %}</span>
</a>
Expand Down Expand Up @@ -134,4 +134,22 @@
</ul>
</div>
</div>
</div>
</div>
<script>
function Logout(){
$.ajax({
url:"{% url 'logout' %}",
method:'post',
success:function(r){
if(r.status){
window.location.href = r.data
}else{
layer.msg("注销失败")
}
},
error:function(){
layer.msg("注销失败")
}
})
}
</script>
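Review bot: The new `Logout()` POSTs to `{% url 'logout' %}` without a CSRF token, yet the view it calls is now `@require_POST` and, with Django's CsrfViewMiddleware enabled, the request is rejected with 403 before the view runs unless a global `$.ajaxSetup`/`beforeSend` adds the header somewhere not shown here; the admin_center.html and user_center.html versions in this same commit do send it. The same omission is in search_result.html and search/search.html. Add `headers: {"X-CSRFToken": '{{ csrf_token }}'},` after the `method:'post',` line in each template. Because the 403 lands in the `error` callback, the only visible symptom is 注销失败 while the session stays alive, which is easy to misread as a server-side fault.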
18 changes: 17 additions & 1 deletion template/app_doc/search_result.html
Expand Up @@ -83,7 +83,7 @@
</a>
</dd>
<dd>
<a href="{% url 'logout' %}">
<a href="javascript:void(0)" title="退出登录" onclick="Logout()">
<i class="layui-icon layui-icon-release layui-hide-md"></i>
<span class="layui-hide-xs">{% trans "退出登录" %}</span>
</a>
Expand Down Expand Up @@ -394,6 +394,22 @@ <h3>
},
})
};
function Logout(){
$.ajax({
url:"{% url 'logout' %}",
method:'post',
success:function(r){
if(r.status){
window.location.href = r.data
}else{
layer.msg("注销失败")
}
},
error:function(){
layer.msg("注销失败")
}
})
}
</script>
<!-- 统计代码开始 -->
{% if debug %}
22 changes: 21 additions & 1 deletion template/app_doc/user/user_center.html
Expand Up @@ -41,7 +41,7 @@
<dd><a href="{% url 'admin_center' %}">{% trans "后台管理" %}</a></dd>
{% endif %}
<dd><a href="{% url 'pro_list' %}">{% trans "返回首页" %}</a></dd>
<dd><a href="{% url 'logout' %}">{% trans "退出登录" %}</a></dd>
<dd><a href="javascript:void(0)" title="退出登录" onclick="Logout()">{% trans "退出登录" %}</a></dd>
</dl>
</li>
<!-- 主 题 配 置 -->
Expand Down Expand Up @@ -167,5 +167,25 @@
admin.render(pear_admin_config);
})
</script>
<script>
var $ = layui.jquery;
function Logout(){
$.ajax({
url:"{% url 'logout' %}",
method:'post',
headers: {"X-CSRFToken":'{{ csrf_token }}'},
success:function(r){
if(r.status){
window.location.href = '/'
}else{
layer.msg("注销失败")
}
},
error:function(){
layer.msg("注销失败")
}
})
}
</script>
</body>
</html>
19 changes: 17 additions & 2 deletions template/search/search.html
Expand Up @@ -74,7 +74,7 @@
</a>
</dd>
<dd>
<a href="{% url 'logout' %}">
<a href="javascript:void(0)" title="退出登录" onclick="Logout()">
<i class="layui-icon layui-icon-release layui-hide-md"></i>
<span class="layui-hide-xs">{% trans "退出登录" %}</span>
</a>
Expand Down Expand Up @@ -305,7 +305,22 @@ <h3>
}
}
tagCurrentSearchType();

function Logout(){
$.ajax({
url:"{% url 'logout' %}",
method:'post',
success:function(r){
if(r.status){
window.location.href = r.data
}else{
layer.msg("注销失败")
}
},
error:function(){
layer.msg("注销失败")
}
})
}
</script>
<!-- 统计代码开始 -->
{% if debug %}
