From 6434710957fdc462ededb6a4f4606056b4662e76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B3=E4=BD=A9=E5=BA=AD?= Date: Fri, 1 Aug 2025 13:34:19 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E7=99=BD=E5=90=8D=E5=96=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- allowed_ips.txt | 27 ++++++++- env.template | 9 +-- scripts/update-ip-whitelist.js | 102 +++++++++++++++++++++++++++++++++ 3 files changed, 131 insertions(+), 7 deletions(-) create mode 100644 scripts/update-ip-whitelist.js diff --git a/allowed_ips.txt b/allowed_ips.txt index 71e6767..23ba357 100644 --- a/allowed_ips.txt +++ b/allowed_ips.txt @@ -18,6 +18,9 @@ - 219.87.170.253 - 125.228.50.228 +### 新增IP +- 218.161.107.138 + ## 完整IP清單(一行一個) 114.33.18.13 125.229.65.83 @@ -26,6 +29,7 @@ 211.72.69.222 219.87.170.253 125.228.50.228 +218.161.107.138 ## 防火牆規則格式 @@ -39,7 +43,8 @@ $allowedIPs = @( "220.132.236.89", "211.72.69.222", "219.87.170.253", - "125.228.50.228" + "125.228.50.228", + "218.161.107.138" ) foreach ($ip in $allowedIPs) { @@ -57,6 +62,7 @@ iptables -A INPUT -s 220.132.236.89 -j ACCEPT iptables -A INPUT -s 211.72.69.222 -j ACCEPT iptables -A INPUT -s 219.87.170.253 -j ACCEPT iptables -A INPUT -s 125.228.50.228 -j ACCEPT +iptables -A INPUT -s 218.161.107.138 -j ACCEPT ``` ## 配置文件格式 @@ -73,6 +79,7 @@ geo $allowed_ip { 211.72.69.222 1; 219.87.170.253 1; 125.228.50.228 1; + 218.161.107.138 1; } # 在 server 區塊中使用 @@ -93,6 +100,7 @@ Allow from 220.132.236.89 Allow from 211.72.69.222 Allow from 219.87.170.253 Allow from 125.228.50.228 +Allow from 218.161.107.138 ``` ## 程式碼格式 @@ -106,7 +114,8 @@ ALLOWED_IPS = [ "220.132.236.89", # 新竹 "211.72.69.222", # 新竹 "219.87.170.253", # 璟茂 - "125.228.50.228" # 璟茂 + "125.228.50.228", # 璟茂 + "218.161.107.138" # 新增IP ] ``` 
@@ -119,10 +128,22 @@ const allowedIPs = [ "220.132.236.89", // 新竹 "211.72.69.222", // 新竹 "219.87.170.253", // 璟茂 - "125.228.50.228" // 璟茂 + "125.228.50.228", // 璟茂 + "218.161.107.138" // 新增IP ]; ``` +## 環境變數配置 + +### .env.local 配置 +```env +# 啟用IP白名單 +ENABLE_IP_WHITELIST=true + +# 允許的IP地址(包含新增的IP) +ALLOWED_IPS=114.33.18.13,125.229.65.83,60.248.164.91,220.132.236.89,211.72.69.222,219.87.170.253,125.228.50.228,218.161.107.138 +``` + ## 安全建議 1. **定期更新**:建議定期檢查和更新IP地址清單 diff --git a/env.template b/env.template index 522a140..981e7ee 100644 --- a/env.template +++ b/env.template @@ -43,14 +43,14 @@ SUPABASE_SERVICE_ROLE_KEY=your-service-role-key-here # - 多個IP: 192.168.1.100,10.0.0.50,172.16.0.0/16 # 留空表示允許所有IP訪問 -# 範例:使用 allowed_ips.txt 中的IP地址 -# ALLOWED_IPS=114.33.18.13,125.229.65.83,60.248.164.91,220.132.236.89,211.72.69.222,219.87.170.253,125.228.50.228 +# 範例:使用 allowed_ips.txt 中的IP地址(包含新增的IP) +# ALLOWED_IPS=114.33.18.13,125.229.65.83,60.248.164.91,220.132.236.89,211.72.69.222,219.87.170.253,125.228.50.228,218.161.107.138 # 範例:本地開發(允許本地網路) -# ALLOWED_IPS=127.0.0.1,192.168.1.0/24,10.0.0.0/8 +# ALLOWED_IPS=127.0.0.1,192.168.1.0/24 # 範例:生產環境(只允許特定IP) -ALLOWED_IPS=114.33.18.13,125.229.65.83,60.248.164.91,220.132.236.89,211.72.69.222,219.87.170.253,125.228.50.228 +ALLOWED_IPS=114.33.18.13,125.229.65.83,60.248.164.91,220.132.236.89,211.72.69.222,219.87.170.253,125.228.50.228,218.161.107.138 # 是否啟用IP白名單檢查 # true: 啟用IP檢查,不在白名單內的IP將被拒絕 @@ -71,6 +71,7 @@ ENABLE_IP_WHITELIST=true # 3. 可以使用 /test/ip-debug 頁面測試IP檢測功能 # 4. IP檢測會自動處理代理伺服器轉發的真實IP # 5. 支援 IPv4 和 CIDR 格式的IP範圍 +# 6. 新增的IP: 218.161.107.138 已包含在白名單中 # ================================ # 注意事項 diff --git a/scripts/update-ip-whitelist.js b/scripts/update-ip-whitelist.js new file mode 100644 index 0000000..117da61 --- /dev/null +++ b/scripts/update-ip-whitelist.js 
@@ -0,0 +1,102 @@
+/**
+ * IP 白名單更新腳本
+ * 用於快速更新環境變數中的IP白名單
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+// 新的IP地址
+const NEW_IP = '218.161.107.138';
+
+// 現有的IP列表
+const EXISTING_IPS = [
+ '114.33.18.13',
+ '125.229.65.83',
+ '60.248.164.91',
+ '220.132.236.89',
+ '211.72.69.222',
+ '219.87.170.253',
+ '125.228.50.228'
+];
+
+// 更新後的完整IP列表
+const UPDATED_IPS = [...EXISTING_IPS, NEW_IP];
+
+function updateEnvFile() {
+ const envPath = path.join(__dirname, '..', '.env.local');
+
+ try {
+ let envContent = '';
+
+ // 如果 .env.local 存在,讀取內容
+ if (fs.existsSync(envPath)) {
+ envContent = fs.readFileSync(envPath, 'utf8');
+ }
+
+ // 更新或添加 ALLOWED_IPS
+ const allowedIpsLine = `ALLOWED_IPS=${UPDATED_IPS.join(',')}`;
+
+ if (envContent.includes('ALLOWED_IPS=')) {
+ // 替換現有的 ALLOWED_IPS 行
+ envContent = envContent.replace(
+ /ALLOWED_IPS=.*/g,
+ allowedIpsLine
+ );
+ } else {
+ // 添加新的 ALLOWED_IPS 行
+ envContent += `\n# IP 白名單配置\n${allowedIpsLine}\n`;
+ }
+
+ // 確保 ENABLE_IP_WHITELIST 設置為 true
+ if (!envContent.includes('ENABLE_IP_WHITELIST=')) {
+ envContent += 'ENABLE_IP_WHITELIST=true\n';
+ } else {
+ envContent = envContent.replace(
+ /ENABLE_IP_WHITELIST=.*/g,
+ 'ENABLE_IP_WHITELIST=true'
+ );
+ }
+
+ // 寫入文件
+ fs.writeFileSync(envPath, envContent);
+
+ console.log('✅ 成功更新 .env.local 文件');
+ console.log(`📝 新增的IP: ${NEW_IP}`);
+ console.log(`📋 完整的IP列表: ${UPDATED_IPS.join(', ')}`);
+
+ } catch (error) {
+ console.error('❌ 更新 .env.local 文件時發生錯誤:', error);
+ }
+}
+
+function showInstructions() {
+ console.log('\n📋 手動配置說明:');
+ console.log('如果自動更新失敗,請手動在 .env.local 文件中設置:');
+ console.log('\n```env');
+ console.log('ENABLE_IP_WHITELIST=true');
+ console.log(`ALLOWED_IPS=${UPDATED_IPS.join(',')}`);
+ console.log('```');
+ console.log('\n🔄 更新後請重新啟動開發服務器:');
+ console.log('npm run dev');
+}
+
+function main() {
+ console.log('🚀 IP 白名單更新工具');
+ console.log('=' * 40);
+
+ updateEnvFile();
+ showInstructions();
+
+ console.log('\n✅ 更新完成!你的IP 218.161.107.138 
現在應該可以正常訪問了。');
+}
+
+if (require.main === module) {
+ main();
+}
+
+module.exports = {
+ updateEnvFile,
+ UPDATED_IPS,
+ NEW_IP
+};
\ No newline at end of file
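Review bot: In `updateEnvFile`, `envContent.includes('ALLOWED_IPS=')` and `/ALLOWED_IPS=.*/g` also match commented-out lines such as `# ALLOWED_IPS=...` and any key that merely ends in `ALLOWED_IPS=`, so a `.env.local` whose only occurrence is a commented example gets that comment rewritten and no active entry written. env.template states that an empty list allows every IP, so the script can print its success message while the allow-list is effectively off; the `ENABLE_IP_WHITELIST` handling has the same flaw. Anchoring both patterns to the start of a line (the `m` flag) and appending when no active line exists closes this, as in the helper below. Separately, the `catch` only logs, so `main` still prints the completion message after a failed write, and `'=' * 40` evaluates to `NaN` where `'='.repeat(40)` was presumably meant.

```javascript
// Set KEY=value on every active (uncommented) line, or append one if none exists.
function setEnvVar(content, key, value) {
  const line = `${key}=${value}`;
  const activeLines = new RegExp(`^${key}=.*$`, 'gm');
  if (content.search(activeLines) !== -1) {
    return content.replace(activeLines, () => line);
  }
  const separator = content === '' || content.endsWith('\n') ? '' : '\n';
  return `${content}${separator}${line}\n`;
}

function updateEnvFile() {
  // … unchanged: envPath, try block opening, read of .env.local …
    envContent = setEnvVar(envContent, 'ALLOWED_IPS', UPDATED_IPS.join(','));
    envContent = setEnvVar(envContent, 'ENABLE_IP_WHITELIST', 'true');
  // … unchanged: writeFileSync, log lines, catch …
```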