diff --git a/src/DotNetCore.CAP/Dashboard/CAP.DashboardMiddleware.cs b/src/DotNetCore.CAP/Dashboard/CAP.DashboardMiddleware.cs
index 70d85be..6907043 100644
--- a/src/DotNetCore.CAP/Dashboard/CAP.DashboardMiddleware.cs
+++ b/src/DotNetCore.CAP/Dashboard/CAP.DashboardMiddleware.cs
@@ -27,12 +27,13 @@ namespace DotNetCore.CAP
 _routes = routes ?? throw new ArgumentNullException(nameof(routes));
 }
- public Task Invoke(HttpContext context)
+ public async Task Invoke(HttpContext context)
 {
 if (!context.Request.Path.StartsWithSegments(_options.PathMatch, out var matchedPath, out var remainingPath))
 {
- return _next(context);
+ await _next(context);
+ return;
 }
 // Update the path
@@ -48,23 +49,27 @@ namespace DotNetCore.CAP
 if (findResult == null)
 {
- return _next.Invoke(context);
+ await _next.Invoke(context);
+ return;
 }
- if (_options.Authorization.Any(filter => !filter.Authorize(dashboardContext)))
+ foreach (var authorizationFilter in _options.Authorization)
 {
+ var authenticateResult = await authorizationFilter.AuthorizeAsync(dashboardContext);
+ if (authenticateResult) continue;
+
 var isAuthenticated = context.User?.Identity?.IsAuthenticated;
 context.Response.StatusCode = isAuthenticated == true
- ? (int) HttpStatusCode.Forbidden
- : (int) HttpStatusCode.Unauthorized;
+ ? (int)HttpStatusCode.Forbidden
+ : (int)HttpStatusCode.Unauthorized;
- return Task.CompletedTask;
+ return;
 }
 dashboardContext.UriMatch = findResult.Item2;
- return findResult.Item1.Dispatch(dashboardContext);
+ await findResult.Item1.Dispatch(dashboardContext);
 }
 finally
 {
diff --git a/src/DotNetCore.CAP/Dashboard/IDashboardAuthorizationFilter.cs b/src/DotNetCore.CAP/Dashboard/IDashboardAuthorizationFilter.cs
index 0e984ba..2951b14 100644
--- a/src/DotNetCore.CAP/Dashboard/IDashboardAuthorizationFilter.cs
+++ b/src/DotNetCore.CAP/Dashboard/IDashboardAuthorizationFilter.cs
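Review bot: In the authorization loop of `Invoke` (second hunk of CAP.DashboardMiddleware.cs) a request is refused only when some filter returns false, so an empty `_options.Authorization` collection lets every request reach `Dispatch` with no check at all. The removed `Any(...)` form behaved the same way, but the rewrite is a good place to make that explicit, either with a comment above the `foreach` such as `// Every filter must allow the request; an empty filter list allows all requests.` or by rejecting an empty list where the options are validated (the options class is not visible here, so its default is unconfirmed). The local `authenticateResult` holds an authorization decision and sits just above `isAuthenticated`; naming it `isAuthorized` and bracing the `continue` would make the deny path harder to misread. The enclosing `try` block begins outside this hunk.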
@@ -1,10 +1,12 @@
 // Copyright (c) .NET Core Community. All rights reserved.
 // Licensed under the MIT License. See License.txt in the project root for license information.
+using System.Threading.Tasks;
+
 namespace DotNetCore.CAP.Dashboard
 {
 public interface IDashboardAuthorizationFilter
 {
- bool Authorize(DashboardContext context);
+ Task AuthorizeAsync(DashboardContext context);
 }
 }
\ No newline at end of file
diff --git a/src/DotNetCore.CAP/Dashboard/LocalRequestsOnlyAuthorizationFilter.cs b/src/DotNetCore.CAP/Dashboard/LocalRequestsOnlyAuthorizationFilter.cs
index dafd845..7dc6d82 100644
--- a/src/DotNetCore.CAP/Dashboard/LocalRequestsOnlyAuthorizationFilter.cs
+++ b/src/DotNetCore.CAP/Dashboard/LocalRequestsOnlyAuthorizationFilter.cs
@@ -1,13 +1,16 @@
 // Copyright (c) .NET Core Community. All rights reserved.
 // Licensed under the MIT License. See License.txt in the project root for license information.
+using System.Threading.Tasks;
 using DotNetCore.CAP.Infrastructure;
 namespace DotNetCore.CAP.Dashboard
 {
 public class LocalRequestsOnlyAuthorizationFilter : IDashboardAuthorizationFilter
 {
- public bool Authorize(DashboardContext context)
+#pragma warning disable 1998
+ public async Task AuthorizeAsync(DashboardContext context)
+#pragma warning restore 1998
 {
 var ipAddress = context.Request.RemoteIpAddress;
 // if unknown, assume not local
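Review bot: `IDashboardAuthorizationFilter.AuthorizeAsync` is a security contract with no documentation: nothing on the interface says that the awaited result must be true to allow the request and that a false result makes the middleware answer 401 or 403. A doc comment such as `/// <summary>Returns true to allow the dashboard request; false makes the middleware respond with 401 or 403.</summary>` would keep implementers from inverting the meaning. As displayed the return type is a bare `Task`, while the middleware tests the awaited value as a boolean, so the generic argument was presumably lost when the page was rendered. Replacing `Authorize` instead of adding alongside it also breaks every existing filter implementation at compile time, which is worth stating in the release notes.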
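Review bot: `AuthorizeAsync` in LocalRequestsOnlyAuthorizationFilter is marked `async` although nothing visible in it awaits, and the resulting CS1998 warning is silenced with `#pragma warning disable 1998` around the signature. Dropping `async` and both pragmas and returning a completed task from each exit, e.g. `return Task.FromResult(false);` for the unknown-address case the comment describes, would remove the need for the suppression and the generated state machine. The method body continues outside the hunk, so the individual return sites are not visible here.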