hangfire授权--025

2023-08-25 09:56:23 +08:00 · 2023-08-25 09:56:23 +08:00 · eee828ca46
parent a084a6b49b
commit eee828ca46
3 changed files with 51 additions and 14 deletions
--- a/IRaCIS.Core.API/Controllers/ExtraController.cs
+++ b/IRaCIS.Core.API/Controllers/ExtraController.cs
@ -118,10 +118,10 @@ namespace IRaCIS.Api.Controllers
                // 创建一个 CookieOptions 对象，用于设置 Cookie 的属性
                var option = new CookieOptions
                {
-                    Expires = DateTime.Now.AddMonths(1), // 设置过期时间为 30 分钟之后
-                    HttpOnly = false, // 确保 cookie 只能通过 HTTP 访问
+                    Expires = DateTime.Now.AddMonths(1), 
+                    HttpOnly = true, // 确保 cookie 只能通过 HTTP 访问
                    SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None, // 设置 SameSite 属性
-                    Secure = false // 确保 cookie 只能通过 HTTPS 访问
+                    Secure = true // 确保 cookie 只能通过 HTTPS 访问
                };

                HttpContext.Response.Cookies.Append("access_token", returnModel.Data.JWTStr, option);
--- a/IRaCIS.Core.API/_PipelineExtensions/Dashboard/hangfireAuthorizationFilter.cs
+++ b/IRaCIS.Core.API/_PipelineExtensions/Dashboard/hangfireAuthorizationFilter.cs
@ -1,7 +1,13 @@
 using Hangfire.Dashboard;
+using System.IdentityModel.Tokens.Jwt;
+using System;
+using System.Linq;
+using IRaCIS.Core.Domain.Share;

 namespace IRaCIS.Core.API.Filter
 {
+
+    //从cookie 中取值
    public class hangfireAuthorizationFilter : IDashboardAuthorizationFilter
    {
        public bool Authorize(DashboardContext context)
@ -11,7 +17,23 @@ namespace IRaCIS.Core.API.Filter
            // Allow all authenticated users to see the Dashboard (potentially dangerous).
            //return httpContext.User.Identity.IsAuthenticated;

-            return true;
+            var jwtToken = httpContext.Request.Cookies["access_token"]?.ToString();
+
+            var handler = new JwtSecurityTokenHandler();
+
+            if (handler.CanReadToken(jwtToken))
+            {
+
+                var jwtSecurityToken = handler.ReadJwtToken(jwtToken);
+
+                return jwtSecurityToken.Claims.Any(t => t.Type == JwtIRaCISClaimType.UserTypeEnum && (t.Value == UserTypeEnum.Admin.ToString()||  t.Value== UserTypeEnum.SuperAdmin.ToString()));
+            }
+            else
+            {
+                return false;
+            }
+
+
        }
    }
 }
--- a/IRaCIS.Core.API/_PipelineExtensions/HangfireConfig.cs
+++ b/IRaCIS.Core.API/_PipelineExtensions/HangfireConfig.cs
@ -20,27 +20,42 @@ namespace IRaCIS.Core.API

            app.UseHangfireDashboard("/back/hangfire", new DashboardOptions()
            {
-                //直接访问，没有带token 获取不到用户身份信息，所以这种自定义授权暂时没法使用
-                //Authorization = new[] { new hangfireAuthorizationFilter() }
-                //本地请求 才能看
-                //Authorization = new[] { new LocalRequestsOnlyAuthorizationFilter() }
-                DashboardTitle="后台任务管理",


-                Authorization = new BasicAuthAuthorizationFilter[] {
+
+                Authorization = new IDashboardAuthorizationFilter[] { /*new hangfireAuthorizationFilter(),*/
+
                new BasicAuthAuthorizationFilter(new BasicAuthAuthorizationFilterOptions(){
                            SslRedirect=false,
                            RequireSsl=false,
                            Users=new BasicAuthAuthorizationUser[]{
                                  new BasicAuthAuthorizationUser(){
                                      Login="admin",
-                                      PasswordClear="test",
+                                      PasswordClear="admin",

                                  }
                             }

                      })
-                }
+                },
+
+                DashboardTitle ="后台任务管理",
+
+
+                //Authorization = new BasicAuthAuthorizationFilter[] {
+                //      new BasicAuthAuthorizationFilter(new BasicAuthAuthorizationFilterOptions(){
+                //            SslRedirect=false,
+                //            RequireSsl=false,
+                //            Users=new BasicAuthAuthorizationUser[]{
+                //                  new BasicAuthAuthorizationUser(){
+                //                      Login="admin",
+                //                      PasswordClear="test",
+
+                //                  }
+                //             }
+
+                //      })
+                //}

            });