Kaynağa Gözat

Add authorization feature to CAP dashboard (#1113)

master
albertopm19 2 yıl önce
committed by GitHub
ebeveyn
işleme
3482c553e7
Veri tabanında bu imza için bilinen anahtar bulunamadı GPG Anahtar Kimliği: 4AEE18F83AFDEB23
3 değiştirilmiş dosya ile 45 ekleme ve 2 silme
  1. +8
    -2
      samples/Sample.Dashboard.Auth/Startup.cs
  2. +32
    -0
      src/DotNetCore.CAP.Dashboard/CAP.BuilderExtension.cs
  3. +5
    -0
      src/DotNetCore.CAP.Dashboard/CAP.DashboardOptions.cs

+ 8
- 2
samples/Sample.Dashboard.Auth/Startup.cs Dosyayı Görüntüle

@@ -17,8 +17,12 @@ namespace Sample.Dashboard.Auth

public void ConfigureServices(IServiceCollection services)
{
services
.AddAuthorization()
services
.AddAuthorization((options =>
{
// only if you want to apply role filter to CAP Dashboard user
options.AddPolicy("PolicyCap", policy => policy.RequireRole("admin.events"));
}))
.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
@@ -55,6 +59,8 @@ namespace Sample.Dashboard.Auth
d.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
d.UseAuth = true;
d.DefaultAuthenticationScheme = "MyDashboardScheme";
// only if you want to apply policy authorization filter to CAP Dashboard user
d.AuthorizationPolicy = "PolicyCap";
});
cap.UseMySql(_configuration.GetValue<string>("ConnectionString"));
cap.UseRabbitMQ(aa =>


+ 32
- 0
src/DotNetCore.CAP.Dashboard/CAP.BuilderExtension.cs Dosyayı Görüntüle

@@ -9,6 +9,7 @@ using DotNetCore.CAP.Dashboard.GatewayProxy;
using DotNetCore.CAP.Dashboard.NodeDiscovery;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
@@ -44,6 +45,12 @@ namespace DotNetCore.CAP
app.Map(options.PathMatch + "/api", false, x =>
{

IAuthorizationService authService = null;
if (!String.IsNullOrEmpty(options.AuthorizationPolicy))
{
authService = app.ApplicationServices.GetService<IAuthorizationService>();
}

var builder = new RouteBuilder(x);

var methods = typeof(RouteActionProvider).GetMethods(BindingFlags.Instance | BindingFlags.Public);
@@ -64,6 +71,12 @@ namespace DotNetCore.CAP
return;
}

if (!await Authorize(request, response, options, authService))
{
response.StatusCode = StatusCodes.Status401Unauthorized;
return;
}

var actionProvider = new RouteActionProvider(request, response, data);
try
{
@@ -88,6 +101,12 @@ namespace DotNetCore.CAP
return;
}

if (!await Authorize(request, response, options, authService))
{
response.StatusCode = StatusCodes.Status401Unauthorized;
return;
}

var actionProvider = new RouteActionProvider(request, response, data);
try
{
@@ -144,5 +163,18 @@ namespace DotNetCore.CAP

return true;
}

internal static async Task<bool> Authorize(HttpRequest request, HttpResponse response, DashboardOptions options, IAuthorizationService authservice)
{
if (!String.IsNullOrEmpty(options.AuthorizationPolicy) && (authservice != null))
{
AuthorizationResult authorizationResult = await authservice.AuthorizeAsync(request.HttpContext.User, null, options.AuthorizationPolicy);
if (!authorizationResult.Succeeded)
{
return false;
}
}
return true;
}
}
}

+ 5
- 0
src/DotNetCore.CAP.Dashboard/CAP.DashboardOptions.cs Dosyayı Görüntüle

@@ -47,5 +47,10 @@ namespace DotNetCore.CAP
/// Default scheme used for authentication challenge. If no scheme is set, the DefaultChallengeScheme set up in AddAuthentication will be used.
/// </summary>
public string DefaultChallengeScheme { get; set; }

/// <summary>
/// Authorization policy. If no policy is set, authorization will be inactive.
/// </summary>
public string AuthorizationPolicy { get; set; }
}
}

Yükleniyor…
İptal
Kaydet