Add multi-IP binding modes and deployment guide

2026-03-04 15:30:13 +08:00
parent 4348ee799b
commit eed1acd454
12 changed files with 509 additions and 217 deletions
--- a/app/api/bindings.py
+++ b/app/api/bindings.py
@@ -28,6 +28,8 @@ def to_binding_item(binding: TokenBinding, binding_service: BindingService) -> B
        id=binding.id,
        token_display=binding.token_display,
        bound_ip=str(binding.bound_ip),
+        binding_mode=binding.binding_mode,
+        allowed_ips=[str(item) for item in binding.allowed_ips],
        status=binding.status,
        status_label=binding_service.status_label(binding.status),
        first_used_at=binding.first_used_at,
@@ -70,7 +72,13 @@ def log_admin_action(request: Request, settings: Settings, action: str, binding_


 async def commit_binding_cache(binding: TokenBinding, binding_service: BindingService) -> None:
-    await binding_service.sync_binding_cache(binding.token_hash, str(binding.bound_ip), binding.status)
+    await binding_service.sync_binding_cache(
+        binding.token_hash,
+        str(binding.bound_ip),
+        binding.binding_mode,
+        [str(item) for item in binding.allowed_ips],
+        binding.status,
+    )


 async def update_binding_status(
@@ -138,7 +146,9 @@ async def update_bound_ip(
    binding_service: BindingService = Depends(get_binding_service),
 ):
    binding = await get_binding_or_404(session, payload.id)
-    binding.bound_ip = payload.bound_ip
+    binding.binding_mode = payload.binding_mode
+    binding.allowed_ips = payload.allowed_ips
+    binding.bound_ip = binding_service.build_bound_ip_display(payload.binding_mode, payload.allowed_ips)
    await session.commit()
    await commit_binding_cache(binding, binding_service)
    log_admin_action(request, settings, "update_ip", payload.id)
--- a/app/api/dashboard.py
+++ b/app/api/dashboard.py
@@ -76,7 +76,7 @@ async def build_recent_intercepts(session: AsyncSession) -> list[InterceptLogIte
        InterceptLogItem(
            id=item.id,
            token_display=item.token_display,
-            bound_ip=str(item.bound_ip),
+            bound_ip=item.bound_ip,
            attempt_ip=str(item.attempt_ip),
            alerted=item.alerted,
            intercepted_at=item.intercepted_at,
--- a/app/api/logs.py
+++ b/app/api/logs.py
@@ -38,7 +38,7 @@ def to_log_item(item: InterceptLog) -> InterceptLogItem:
    return InterceptLogItem(
        id=item.id,
        token_display=item.token_display,
-        bound_ip=str(item.bound_ip),
+        bound_ip=item.bound_ip,
        attempt_ip=str(item.attempt_ip),
        alerted=item.alerted,
        intercepted_at=item.intercepted_at,
@@ -47,13 +47,13 @@ def to_log_item(item: InterceptLog) -> InterceptLogItem:

 def write_log_csv(buffer: io.StringIO, logs: list[InterceptLog]) -> None:
    writer = csv.writer(buffer)
-    writer.writerow(["id", "token_display", "bound_ip", "attempt_ip", "alerted", "intercepted_at"])
+    writer.writerow(["id", "token_display", "binding_rule", "attempt_ip", "alerted", "intercepted_at"])
    for item in logs:
        writer.writerow(
            [
                item.id,
                item.token_display,
-                str(item.bound_ip),
+                item.bound_ip,
                str(item.attempt_ip),
                item.alerted,
                item.intercepted_at.isoformat(),