From eee828ca4670b8a1dd26874e8b6f2ac4b5c492d5 Mon Sep 17 00:00:00 2001
From: hang <872297557@qq.com>
Date: Fri, 25 Aug 2023 09:56:23 +0800
Subject: [PATCH] =?UTF-8?q?hangfire=E6=8E=88=E6=9D=83--025?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Controllers/ExtraController.cs | 6 ++--
 .../Dashboard/hangfireAuthorizationFilter.cs | 24 ++++++++++++-
 .../_PipelineExtensions/HangfireConfig.cs | 35 +++++++++++++------
 3 files changed, 51 insertions(+), 14 deletions(-)
diff --git a/IRaCIS.Core.API/Controllers/ExtraController.cs b/IRaCIS.Core.API/Controllers/ExtraController.cs
index 73f85eb32..2347dde27 100644
--- a/IRaCIS.Core.API/Controllers/ExtraController.cs
+++ b/IRaCIS.Core.API/Controllers/ExtraController.cs
@@ -118,10 +118,10 @@ namespace IRaCIS.Api.Controllers
 // 创建一个 CookieOptions 对象,用于设置 Cookie 的属性
 var option = new CookieOptions
 {
- Expires = DateTime.Now.AddMonths(1), // 设置过期时间为 30 分钟之后
- HttpOnly = false, // 确保 cookie 只能通过 HTTP 访问
+ Expires = DateTime.Now.AddMonths(1),
+ HttpOnly = true, // 确保 cookie 只能通过 HTTP 访问
 SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None, // 设置 SameSite 属性
- Secure = false // 确保 cookie 只能通过 HTTPS 访问
+ Secure = true // 确保 cookie 只能通过 HTTPS 访问
 };
 HttpContext.Response.Cookies.Append("access_token", returnModel.Data.JWTStr, option);
diff --git a/IRaCIS.Core.API/_PipelineExtensions/Dashboard/hangfireAuthorizationFilter.cs b/IRaCIS.Core.API/_PipelineExtensions/Dashboard/hangfireAuthorizationFilter.cs
index 3dc3a3bb1..e75b03d58 100644
--- a/IRaCIS.Core.API/_PipelineExtensions/Dashboard/hangfireAuthorizationFilter.cs
+++ b/IRaCIS.Core.API/_PipelineExtensions/Dashboard/hangfireAuthorizationFilter.cs
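Review bot: The comment kept on the `HttpOnly = true` line still says the cookie can only be reached over HTTP, which is misleading now that the flag is enabled — HttpOnly keeps the cookie out of client-side script; suggest `HttpOnly = true, // 禁止脚本读取 cookie(document.cookie)`. `Expires = DateTime.Now.AddMonths(1)` relies on server-local time and an implicit conversion to DateTimeOffset; `Expires = DateTimeOffset.UtcNow.AddMonths(1),` states the intent directly. With `SameSite = None` the browser attaches this cookie to cross-site requests, so any endpoint that authorizes purely from the `access_token` cookie (as the hangfireAuthorizationFilter hunk in this patch does) needs a CSRF defence such as an Origin/Referer check or an anti-forgery token. The enclosing action method starts and ends outside this hunk.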
@@ -1,7 +1,13 @@
 using Hangfire.Dashboard;
+using System.IdentityModel.Tokens.Jwt;
+using System;
+using System.Linq;
+using IRaCIS.Core.Domain.Share;
 namespace IRaCIS.Core.API.Filter
 {
+
+ //从cookie 中取值
 public class hangfireAuthorizationFilter : IDashboardAuthorizationFilter
 {
 public bool Authorize(DashboardContext context)
@@ -11,7 +17,23 @@ namespace IRaCIS.Core.API.Filter
 // Allow all authenticated users to see the Dashboard (potentially dangerous).
 //return httpContext.User.Identity.IsAuthenticated;
- return true;
+ var jwtToken = httpContext.Request.Cookies["access_token"]?.ToString();
+
+ var handler = new JwtSecurityTokenHandler();
+
+ if (handler.CanReadToken(jwtToken))
+ {
+
+ var jwtSecurityToken = handler.ReadJwtToken(jwtToken);
+
+ return jwtSecurityToken.Claims.Any(t => t.Type == JwtIRaCISClaimType.UserTypeEnum && (t.Value == UserTypeEnum.Admin.ToString()|| t.Value== UserTypeEnum.SuperAdmin.ToString()));
+ }
+ else
+ {
+ return false;
+ }
+
+
 }
 }
 }
diff --git a/IRaCIS.Core.API/_PipelineExtensions/HangfireConfig.cs b/IRaCIS.Core.API/_PipelineExtensions/HangfireConfig.cs
index b233bdd82..3b9cb8b7a 100644
--- a/IRaCIS.Core.API/_PipelineExtensions/HangfireConfig.cs
+++ b/IRaCIS.Core.API/_PipelineExtensions/HangfireConfig.cs
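Review bot: `handler.ReadJwtToken(jwtToken)` in the second hunk only parses the token — it verifies no signature, lifetime, issuer or audience — so the `UserTypeEnum` claim the filter keys on is untrusted and any client that can write the `access_token` cookie can satisfy the check. The HangfireConfig hunk in this patch still has `new hangfireAuthorizationFilter()` commented out, so the defect is latent, but the filter should not be enabled in this form. Replace `ReadJwtToken` with `ValidateToken` using the same `TokenValidationParameters` the API's bearer authentication is configured with, and treat `SecurityTokenException` as a deny; a comment on the `var handler` line should say why parsing alone is insufficient. The commented-out `//return httpContext.User.Identity.IsAuthenticated;` points at the simpler alternative: if the bearer middleware is configured to read the cookie as well, `httpContext.User` is already validated and the filter can check its claims directly. The class and `Authorize` method open in the first hunk and close at the end of the second.
```csharp
var jwtToken = httpContext.Request.Cookies["access_token"];
var handler = new JwtSecurityTokenHandler();
if (string.IsNullOrWhiteSpace(jwtToken) || !handler.CanReadToken(jwtToken))
{
    return false;
}

try
{
    // ReadJwtToken only parses; ValidateToken checks signature, lifetime, issuer and audience.
    // <validationParameters> is a placeholder for the TokenValidationParameters the API's bearer auth uses.
    var principal = handler.ValidateToken(jwtToken, validationParameters, out _);
    return principal.HasClaim(t => t.Type == JwtIRaCISClaimType.UserTypeEnum
        && (t.Value == UserTypeEnum.Admin.ToString() || t.Value == UserTypeEnum.SuperAdmin.ToString()));
}
catch (SecurityTokenException)
{
    // Tampered, expired or otherwise invalid token: deny rather than fall through.
    return false;
}
```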
@@ -20,27 +20,42 @@ namespace IRaCIS.Core.API
 app.UseHangfireDashboard("/back/hangfire", new DashboardOptions()
 {
- //直接访问,没有带token 获取不到用户身份信息,所以这种自定义授权暂时没法使用
- //Authorization = new[] { new hangfireAuthorizationFilter() }
- //本地请求 才能看
- //Authorization = new[] { new LocalRequestsOnlyAuthorizationFilter() }
- DashboardTitle="后台任务管理",
-
- Authorization = new BasicAuthAuthorizationFilter[] {
- new BasicAuthAuthorizationFilter(new BasicAuthAuthorizationFilterOptions(){
+
+
+ Authorization = new IDashboardAuthorizationFilter[] { /*new hangfireAuthorizationFilter(),*/
+
+ new BasicAuthAuthorizationFilter(new BasicAuthAuthorizationFilterOptions(){
 SslRedirect=false,
 RequireSsl=false,
 Users=new BasicAuthAuthorizationUser[]{
 new BasicAuthAuthorizationUser(){
 Login="admin",
- PasswordClear="test",
+ PasswordClear="admin",
 }
 }
 })
- }
+ },
+
+ DashboardTitle ="后台任务管理",
+
+
+ //Authorization = new BasicAuthAuthorizationFilter[] {
+ // new BasicAuthAuthorizationFilter(new BasicAuthAuthorizationFilterOptions(){
+ // SslRedirect=false,
+ // RequireSsl=false,
+ // Users=new BasicAuthAuthorizationUser[]{
+ // new BasicAuthAuthorizationUser(){
+ // Login="admin",
+ // PasswordClear="test",
+
+ // }
+ // }
+
+ // })
+ //}
 });
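Review bot: `Login="admin"` with the new `PasswordClear="admin"` is a hard-coded, guessable credential committed to source for an admin surface (the dashboard can trigger and delete jobs), and the unchanged `RequireSsl=false` / `SslRedirect=false` context lines allow it to travel in cleartext. Move the credential out of code and require TLS: `RequireSsl=true,`, `Login=configuration["<hangfire-login-key>"],`, `PasswordClear=configuration["<hangfire-password-key>"],` — the key names are placeholders, and `configuration` would have to be passed into this extension method, whose signature is outside the hunk. The fourteen added `//` lines reproduce the old BasicAuth block that git history already keeps and should be deleted rather than committed as dead code. Widening the array to `IDashboardAuthorizationFilter[]` so the cookie filter can be added later is reasonable, but as far as I recall Hangfire requires every filter in `Authorization` to pass, so uncommenting `new hangfireAuthorizationFilter()` would demand both basic auth and an admin JWT; a comment on that line stating the intended combination would prevent surprises.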