hangfire授权--025

2023-08-25 09:56:23 +08:00 · 2023-08-25 09:56:23 +08:00 · eee828ca46
parent a084a6b49b
commit eee828ca46
3 changed files with 51 additions and 14 deletions
--- a/IRaCIS.Core.API/Controllers/ExtraController.cs
+++ b/IRaCIS.Core.API/Controllers/ExtraController.cs
@ -118,10 +118,10 @@ namespace IRaCIS.Api.Controllers
                // 创建一个 CookieOptions 对象，用于设置 Cookie 的属性
                var option = new CookieOptions
                {
-                    Expires = DateTime.Now.AddMonths(1), // 设置过期时间为 30 分钟之后
+                    Expires = DateTime.Now.AddMonths(1), 
-                    HttpOnly = false, // 确保 cookie 只能通过 HTTP 访问
+                    HttpOnly = true, // 确保 cookie 只能通过 HTTP 访问
                    SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None, // 设置 SameSite 属性
-                    Secure = false // 确保 cookie 只能通过 HTTPS 访问
+                    Secure = true // 确保 cookie 只能通过 HTTPS 访问
                };
                HttpContext.Response.Cookies.Append("access_token", returnModel.Data.JWTStr, option);
--- a/IRaCIS.Core.API/_PipelineExtensions/Dashboard/hangfireAuthorizationFilter.cs
+++ b/IRaCIS.Core.API/_PipelineExtensions/Dashboard/hangfireAuthorizationFilter.cs
@ -1,7 +1,13 @@
 using Hangfire.Dashboard;
 using System.IdentityModel.Tokens.Jwt;
 using System;
 using System.Linq;
 using IRaCIS.Core.Domain.Share;
 namespace IRaCIS.Core.API.Filter
 {
    //从cookie 中取值
    public class hangfireAuthorizationFilter : IDashboardAuthorizationFilter
    {
        public bool Authorize(DashboardContext context)
@ -11,7 +17,23 @@ namespace IRaCIS.Core.API.Filter
            // Allow all authenticated users to see the Dashboard (potentially dangerous).
            //return httpContext.User.Identity.IsAuthenticated;
-            return true;
+            var jwtToken = httpContext.Request.Cookies["access_token"]?.ToString();
            var handler = new JwtSecurityTokenHandler();
            if (handler.CanReadToken(jwtToken))
            {
                var jwtSecurityToken = handler.ReadJwtToken(jwtToken);
                return jwtSecurityToken.Claims.Any(t => t.Type == JwtIRaCISClaimType.UserTypeEnum && (t.Value == UserTypeEnum.Admin.ToString()||  t.Value== UserTypeEnum.SuperAdmin.ToString()));
            }
            else
            {
                return false;
            }
        }
    }
 }
--- a/IRaCIS.Core.API/_PipelineExtensions/HangfireConfig.cs
+++ b/IRaCIS.Core.API/_PipelineExtensions/HangfireConfig.cs
@ -20,27 +20,42 @@ namespace IRaCIS.Core.API
            app.UseHangfireDashboard("/back/hangfire", new DashboardOptions()
            {
                //直接访问，没有带token 获取不到用户身份信息，所以这种自定义授权暂时没法使用
                //Authorization = new[] { new hangfireAuthorizationFilter() }
                //本地请求 才能看
                //Authorization = new[] { new LocalRequestsOnlyAuthorizationFilter() }
                DashboardTitle="后台任务管理",
-                Authorization = new BasicAuthAuthorizationFilter[] {
+
-                      new BasicAuthAuthorizationFilter(new BasicAuthAuthorizationFilterOptions(){
+
                Authorization = new IDashboardAuthorizationFilter[] { /*new hangfireAuthorizationFilter(),*/
                new BasicAuthAuthorizationFilter(new BasicAuthAuthorizationFilterOptions(){
                            SslRedirect=false,
                            RequireSsl=false,
                            Users=new BasicAuthAuthorizationUser[]{
                                  new BasicAuthAuthorizationUser(){
                                      Login="admin",
-                                      PasswordClear="test",
+                                      PasswordClear="admin",
                                  }
                             }
                      })
-                }
+                },
                DashboardTitle ="后台任务管理",
                //Authorization = new BasicAuthAuthorizationFilter[] {
                //      new BasicAuthAuthorizationFilter(new BasicAuthAuthorizationFilterOptions(){
                //            SslRedirect=false,
                //            RequireSsl=false,
                //            Users=new BasicAuthAuthorizationUser[]{
                //                  new BasicAuthAuthorizationUser(){
                //                      Login="admin",
                //                      PasswordClear="test",
                //                  }
                //             }
                //      })
                //}
            });