fix: optimize IP whitelist validation logic

backend/init/router/router.go

@@ -3,14 +3,15 @@
 import (
 	"encoding/base64"
 	"fmt"
-	"github.com/1Panel-dev/1Panel/backend/app/service"
-	"github.com/1Panel-dev/1Panel/backend/constant"
-	"github.com/1Panel-dev/1Panel/cmd/server/res"
 	"net/http"
 	"regexp"
 	"strconv"
 	"strings"
 
+	"github.com/1Panel-dev/1Panel/backend/app/service"
+	"github.com/1Panel-dev/1Panel/backend/constant"
+	"github.com/1Panel-dev/1Panel/cmd/server/res"
+
 	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/1Panel-dev/1Panel/backend/i18n"
 	"github.com/1Panel-dev/1Panel/backend/middleware"
@@ -30,7 +31,7 @@
 func toIndexHtml(c *gin.Context) {
 	c.Writer.Header().Set("Content-Type", "text/html; charset=utf-8")
 	c.Writer.WriteHeader(http.StatusOK)
 	_, _ = c.Writer.Write(web.IndexByte)
 	c.Writer.Flush()
 }
 
@@ -48,7 +49,7 @@
 		return true
 	}
 	for _, route := range constant.DynamicRoutes {
 		if match, _ := regexp.MatchString(route, reqUri); match {
 			return true
 		}
 	}
@@ -140,7 +141,7 @@
 			}
 			c.Writer.Header().Set("Content-Type", "text/html; charset=utf-8")
 			c.Writer.WriteHeader(http.StatusOK)
 			_, _ = c.Writer.Write(web.IndexByte)
 			c.Writer.Flush()
 		})
 	}
@@ -160,7 +161,7 @@
 }
 
 func Routers() *gin.Engine {
-	Router = gin.Default()
+	Router = gin.New()
 	Router.Use(middleware.OperationLog())
 	// Router.Use(middleware.CSRF())
 	// Router.Use(middleware.LoadCsrfToken())

backend/middleware/ip_limit.go

@@ -8,11 +8,17 @@
 	"github.com/1Panel-dev/1Panel/backend/app/repo"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
+	"github.com/1Panel-dev/1Panel/backend/utils/common"
 	"github.com/gin-gonic/gin"
 )
 
 func WhiteAllow() gin.HandlerFunc {
 	return func(c *gin.Context) {
+		clientIP := common.GetRealClientIP(c)
+		if common.IsPrivateIP(clientIP) {
+			c.Next()
+			return
+		}
 		settingRepo := repo.NewISettingRepo()
 		status, err := settingRepo.Get(settingRepo.WithByKey("AllowIPs"))
 		if err != nil {
@@ -24,7 +30,6 @@
 			c.Next()
 			return
 		}
-		clientIP := c.ClientIP()
 		for _, ip := range strings.Split(status.Value, ",") {
 			if len(ip) == 0 {
 				continue

backend/utils/common/common.go

@@ -71,7 +71,7 @@
 	for i := 0; i < n; i++ {
 		if version1s[i] == version2s[i] {
 			continue
 		} else {
 			v1, err1 := strconv.Atoi(version1s[i])
 			if err1 != nil {
 				return version1s[i] > version2s[i]
@@ -118,7 +118,7 @@
 	return y
 }
 
 func GetSortedVersions(versions []string) []string {
 	sort.Slice(versions, func(i, j int) bool {
 		return CompareVersion(versions[i], versions[j])
 	})
@@ -211,14 +211,14 @@
 func IsCrossVersion(version1, version2 string) bool {
 	version1s := strings.Split(version1, ".")
 	version2s := strings.Split(version2, ".")
 	v1num, _ := strconv.Atoi(version1s[0])
 	v2num, _ := strconv.Atoi(version2s[0])
 	return v2num > v1num
 }
 
 func GetUuid() string {
 	b := make([]byte, 16)
 	_, _ = io.ReadFull(rand.Reader, b)
 	b[6] = (b[6] & 0x0f) | 0x40
 	b[8] = (b[8] & 0x3f) | 0x80
 	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])
@@ -326,7 +326,7 @@
 	if len(fields) != 5 {
 		return loc
 	}
 	if _, err := time.LoadLocation(fields[2]); err != nil {
 		return loc
 	}
 	return fields[2]
@@ -400,7 +400,7 @@
 	return fmt.Sprintf("%.2f%%", percent)
 }
 
 func GetLang(c *gin.Context) string {
 	lang := c.GetHeader("Accept-Language")
 	if lang == "" {
 		lang = "en"
@@ -419,10 +419,26 @@
 			res = append(res, ip)
 			continue
 		}
 		if _, _, err := net.ParseCIDR(ip); err != nil {
 			return nil, buserr.New("ErrParseIP")
 		}
 		res = append(res, ip)
 	}
 	return res, nil
 }
+
+func GetRealClientIP(c *gin.Context) string {
+	addr := c.Request.RemoteAddr
+	if ip, _, err := net.SplitHostPort(addr); err == nil {
+		return ip
+	}
+	return addr
+}
+
+func IsPrivateIP(ipStr string) bool {
+	ip := net.ParseIP(ipStr)
+	if ip == nil {
+		return false
+	}
+	return ip.IsPrivate() || ip.IsLoopback()
+}