@@ -27,12 +27,13 @@ namespace DotNetCore.CAP | |||||
_routes = routes ?? throw new ArgumentNullException(nameof(routes)); | _routes = routes ?? throw new ArgumentNullException(nameof(routes)); | ||||
} | } | ||||
public Task Invoke(HttpContext context) | |||||
public async Task Invoke(HttpContext context) | |||||
{ | { | ||||
if (!context.Request.Path.StartsWithSegments(_options.PathMatch, | if (!context.Request.Path.StartsWithSegments(_options.PathMatch, | ||||
out var matchedPath, out var remainingPath)) | out var matchedPath, out var remainingPath)) | ||||
{ | { | ||||
return _next(context); | |||||
await _next(context); | |||||
return; | |||||
} | } | ||||
// Update the path | // Update the path | ||||
@@ -48,23 +49,27 @@ namespace DotNetCore.CAP | |||||
if (findResult == null) | if (findResult == null) | ||||
{ | { | ||||
return _next.Invoke(context); | |||||
await _next.Invoke(context); | |||||
return; | |||||
} | } | ||||
if (_options.Authorization.Any(filter => !filter.Authorize(dashboardContext))) | |||||
foreach (var authorizationFilter in _options.Authorization) | |||||
{ | { | ||||
var authenticateResult = await authorizationFilter.AuthorizeAsync(dashboardContext); | |||||
if (authenticateResult) continue; | |||||
var isAuthenticated = context.User?.Identity?.IsAuthenticated; | var isAuthenticated = context.User?.Identity?.IsAuthenticated; | ||||
context.Response.StatusCode = isAuthenticated == true | context.Response.StatusCode = isAuthenticated == true | ||||
? (int) HttpStatusCode.Forbidden | |||||
: (int) HttpStatusCode.Unauthorized; | |||||
? (int)HttpStatusCode.Forbidden | |||||
: (int)HttpStatusCode.Unauthorized; | |||||
return Task.CompletedTask; | |||||
return; | |||||
} | } | ||||
dashboardContext.UriMatch = findResult.Item2; | dashboardContext.UriMatch = findResult.Item2; | ||||
return findResult.Item1.Dispatch(dashboardContext); | |||||
await findResult.Item1.Dispatch(dashboardContext); | |||||
} | } | ||||
finally | finally | ||||
{ | { | ||||
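Review bot: The authorization loop lets the request through whenever `_options.Authorization` is empty, because with zero iterations control falls straight to `Dispatch`; the old `Any(...)` form behaved the same way, and nothing in this hunk checks or documents it. Whether the options type always seeds a default filter is not visible here, so I would at least add `// Every filter must return true; an empty filter list lets the request through.` above the `foreach`, or reject an empty list where the options are validated. The local `authenticateResult` holds an authorization decision, so `isAuthorized` with `if (!isAuthorized) { ... return; }` would read more directly than the brace-less `continue`. The `try` enclosing this code starts above the hunk and the `finally` body lies below it.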
@@ -1,10 +1,12 @@ | |||||
// Copyright (c) .NET Core Community. All rights reserved. | // Copyright (c) .NET Core Community. All rights reserved. | ||||
// Licensed under the MIT License. See License.txt in the project root for license information. | // Licensed under the MIT License. See License.txt in the project root for license information. | ||||
using System.Threading.Tasks; | |||||
namespace DotNetCore.CAP.Dashboard | namespace DotNetCore.CAP.Dashboard | ||||
{ | { | ||||
public interface IDashboardAuthorizationFilter | public interface IDashboardAuthorizationFilter | ||||
{ | { | ||||
bool Authorize(DashboardContext context); | |||||
Task<bool> AuthorizeAsync(DashboardContext context); | |||||
} | } | ||||
} | } |
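Review bot: `AuthorizeAsync` carries no XML documentation, and this interface is the whole contract that custom dashboard filters implement. The middleware in this commit treats `false` as a denial and answers 401 or 403 depending on `context.User`, so the member should say so, for example `/// <summary>Returns true to allow the dashboard request; false makes the middleware reply 401 or 403.</summary>`. Removing `Authorize` instead of marking it obsolete breaks every existing implementer at compile time, which is the safe direction for an authorization hook but deserves a changelog entry.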
@@ -1,13 +1,16 @@ | |||||
// Copyright (c) .NET Core Community. All rights reserved. | // Copyright (c) .NET Core Community. All rights reserved. | ||||
// Licensed under the MIT License. See License.txt in the project root for license information. | // Licensed under the MIT License. See License.txt in the project root for license information. | ||||
using System.Threading.Tasks; | |||||
using DotNetCore.CAP.Infrastructure; | using DotNetCore.CAP.Infrastructure; | ||||
namespace DotNetCore.CAP.Dashboard | namespace DotNetCore.CAP.Dashboard | ||||
{ | { | ||||
public class LocalRequestsOnlyAuthorizationFilter : IDashboardAuthorizationFilter | public class LocalRequestsOnlyAuthorizationFilter : IDashboardAuthorizationFilter | ||||
{ | { | ||||
public bool Authorize(DashboardContext context) | |||||
#pragma warning disable 1998 | |||||
public async Task<bool> AuthorizeAsync(DashboardContext context) | |||||
#pragma warning restore 1998 | |||||
{ | { | ||||
var ipAddress = context.Request.RemoteIpAddress; | var ipAddress = context.Request.RemoteIpAddress; | ||||
// if unknown, assume not local | // if unknown, assume not local | ||||
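Review bot: `AuthorizeAsync` is marked `async` with no `await` visible, and warning 1998 is suppressed around the signature; dropping `async` removes the need for the pragma. Declare it as `public Task<bool> AuthorizeAsync(DashboardContext context)` and wrap each result, e.g. `return Task.FromResult(false);`. The method body continues below the hunk, so the return statements that would change are not shown here. Behind a reverse proxy on the same host, `RemoteIpAddress` is presumably the proxy's loopback address, so a class comment stating that the filter assumes direct connections would help; how `RemoteIpAddress` is populated is outside this hunk.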