修复漏洞（对报错信息进行自定义，避免泄露系统敏感信息）

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java

@@ -3,6 +3,7 @@ package com.ruoyi.web.controller.system;
 import java.util.List;
 import java.util.Set;
 
+import com.ruoyi.cms.util.StringUtil;
 import com.ruoyi.common.core.domain.entity.tymh.wwToken.WwTokenResult;
 import com.ruoyi.common.core.domain.entity.tymh.wwToken.WwUserLogin;
 import com.ruoyi.common.core.domain.model.RegisterBody;
@@ -22,6 +23,8 @@ import com.ruoyi.framework.web.service.SysLoginService;
 import com.ruoyi.framework.web.service.SysPermissionService;
 import com.ruoyi.system.service.ISysMenuService;
 
+import javax.servlet.http.HttpServletRequest;
+
 
 /**
  * 登录验证
@@ -63,9 +66,24 @@ public class SysLoginController
     @PostMapping("/app/login")
     public AjaxResult loginApp(@RequestBody LoginBody loginBody)
     {
+        return AjaxResult.error(403, "接口已禁用");
+//        AjaxResult ajax = AjaxResult.success();
+//        // 生成令牌
+//        String token = loginService.loginApp("admin", "admin123");
+//        ajax.put(Constants.TOKEN, token);
+//        return ajax;
+    }
+
+    @PostMapping("/loginWeb")
+    public AjaxResult loginWeb(@RequestBody LoginBody loginBody, HttpServletRequest request)
+    {
+        String proxyServer = StringUtil.getProxyServer(request);
+        if (!"proxy-146".equals(proxyServer)) {
+            return AjaxResult.error(403, "当前环境不允许登录");
+        }
         AjaxResult ajax = AjaxResult.success();
         // 生成令牌
-        String token = loginService.loginApp("admin", "admin123");
+        String token = loginService.loginWeb("admin", "admin123");
         ajax.put(Constants.TOKEN, token);
         return ajax;
     }