From b3749845081411253ebf600bc90dd1a1a4390691 Mon Sep 17 00:00:00 2001
From: cKey <35512826+colinin@users.noreply.github.com>
Date: Thu, 27 Aug 2020 15:02:14 +0800
Subject: [PATCH] add hangfire dashboard authorization

---
 .../AbpMessageServiceHttpApiHostModule.cs     |  6 +-
 .../HangfireDashboardAuthorizationFilter.cs   | 46 ++++++++++++
 .../Hangfire/DashboardOptionsExtensions.cs    | 74 +++++++++++++++++++
 .../HangfireApplicationBuilderExtensions.cs   | 41 ++++++++++
 ...sageServicePermissionDefinitionProvider.cs | 22 ++++++
 .../AbpMessageServicePermissions.cs           | 12 +++
 6 files changed, 200 insertions(+), 1 deletion(-)
 create mode 100644 aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Authorization/HangfireDashboardAuthorizationFilter.cs
 create mode 100644 aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/DashboardOptionsExtensions.cs
 create mode 100644 aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/HangfireApplicationBuilderExtensions.cs
 create mode 100644 aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissionDefinitionProvider.cs
 create mode 100644 aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissions.cs

diff --git a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs
index 874239d66..1f065011e 100644
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs
@@ -8,6 +8,7 @@ using LINGYUN.Abp.ExceptionHandling;
 using LINGYUN.Abp.ExceptionHandling.Notifications;
 using LINGYUN.Abp.Hangfire.Storage.MySql;
 using LINGYUN.Abp.IM.SignalR;
+using LINGYUN.Abp.MessageService.Authorization;
 using LINGYUN.Abp.MessageService.EntityFrameworkCore;
 using LINGYUN.Abp.MessageService.Localization;
 using LINGYUN.Abp.MessageService.MultiTenancy;
@@ -253,7 +254,10 @@ namespace LINGYUN.Abp.MessageService
             // 审计日志
             app.UseAuditing();
             app.UseHangfireServer();
-            app.UseHangfireDashboard();
+            app.UseHangfireDashboard(options =>
+            {
+                options.UseAuthorization(new HangfireDashboardAuthorizationFilter());
+            });
             // 路由
             app.UseConfiguredEndpoints();
         }
diff --git a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Authorization/HangfireDashboardAuthorizationFilter.cs b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Authorization/HangfireDashboardAuthorizationFilter.cs
new file mode 100644
index 000000000..298b561d2
--- /dev/null
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Authorization/HangfireDashboardAuthorizationFilter.cs
@@ -0,0 +1,46 @@
+using Hangfire.Annotations;
+using Hangfire.Dashboard;
+using LINGYUN.Abp.MessageService.Permissions;
+using Microsoft.Extensions.DependencyInjection;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Threading;
+
+namespace LINGYUN.Abp.MessageService.Authorization
+{
+    public class HangfireDashboardAuthorizationFilter : IDashboardAuthorizationFilter
+    {
+        public bool Authorize([NotNull] DashboardContext context)
+        {
+            var httpContext = context.GetHttpContext();
+
+            var permissionChecker = httpContext.RequestServices.GetService<IPermissionChecker>();
+
+            if (permissionChecker != null)
+            {
+                // 可以详细到每个页面授权,这里就免了
+                return AsyncHelper.RunSync(async () => await permissionChecker.IsGrantedAsync(AbpMessageServicePermissions.Hangfire.ManageQueue));
+            }
+            return new LocalRequestsOnlyAuthorizationFilter().Authorize(context);
+        }
+
+        public override int GetHashCode()
+        {
+            // 类型相同就行了
+            return GetType().FullName.GetHashCode();
+        }
+
+        public override bool Equals(object obj)
+        {
+            if (obj == null)
+            {
+                return false;
+            }
+            // 类型相同就行了
+            if (GetType().Equals(obj.GetType()))
+            {
+                return true;
+            }
+            return base.Equals(obj);
+        }
+    }
+}
diff --git a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/DashboardOptionsExtensions.cs b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/DashboardOptionsExtensions.cs
new file mode 100644
index 000000000..9b8374fe3
--- /dev/null
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/DashboardOptionsExtensions.cs
@@ -0,0 +1,74 @@
+using Hangfire.Dashboard;
+using JetBrains.Annotations;
+using System.Collections.Generic;
+using Volo.Abp;
+
+namespace Hangfire
+{
+    public static class DashboardOptionsExtensions
+    {
+        public static DashboardOptions AddAuthorization(
+            [NotNull] this DashboardOptions options,
+            [NotNull] IDashboardAuthorizationFilter authorizationFilter)
+        {
+            Check.NotNull(options, nameof(options));
+            Check.NotNull(authorizationFilter, nameof(authorizationFilter));
+
+            List<IDashboardAuthorizationFilter> filters = new List<IDashboardAuthorizationFilter>();
+            filters.AddRange(options.Authorization);
+            filters.AddIfNotContains(authorizationFilter);
+
+            options.Authorization = filters;
+
+            return options;
+        }
+
+        public static DashboardOptions AddAuthorizations(
+            [NotNull] this DashboardOptions options,
+            [NotNull] IEnumerable<IDashboardAuthorizationFilter> authorizationFilters)
+        {
+            Check.NotNull(options, nameof(options));
+            Check.NotNull(authorizationFilters, nameof(authorizationFilters));
+
+            List<IDashboardAuthorizationFilter> filters = new List<IDashboardAuthorizationFilter>();
+            filters.AddRange(options.Authorization);
+            filters.AddIfNotContains(authorizationFilters);
+
+            options.Authorization = filters;
+
+            return options;
+        }
+
+        public static DashboardOptions UseAuthorization(
+            [NotNull] this DashboardOptions options,
+            [NotNull] IDashboardAuthorizationFilter authorizationFilter)
+        {
+            Check.NotNull(options, nameof(options));
+            Check.NotNull(authorizationFilter, nameof(authorizationFilter));
+
+            List<IDashboardAuthorizationFilter> filters = new List<IDashboardAuthorizationFilter>
+            {
+                authorizationFilter
+            };
+
+            options.Authorization = filters;
+
+            return options;
+        }
+
+        public static DashboardOptions UseAuthorizations(
+            [NotNull] this DashboardOptions options,
+            [NotNull] IEnumerable<IDashboardAuthorizationFilter> authorizationFilters)
+        {
+            Check.NotNull(options, nameof(options));
+            Check.NotNull(authorizationFilters, nameof(authorizationFilters));
+
+            List<IDashboardAuthorizationFilter> filters = new List<IDashboardAuthorizationFilter>();
+            filters.AddRange(authorizationFilters);
+
+            options.Authorization = filters;
+
+            return options;
+        }
+    }
+}
diff --git a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/HangfireApplicationBuilderExtensions.cs b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/HangfireApplicationBuilderExtensions.cs
new file mode 100644
index 000000000..9b20af009
--- /dev/null
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/HangfireApplicationBuilderExtensions.cs
@@ -0,0 +1,41 @@
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Builder;
+using System;
+using Volo.Abp;
+
+namespace Hangfire
+{
+    public static class HangfireApplicationBuilderExtensions
+    {
+        public static IApplicationBuilder UseHangfireDashboard(
+            [NotNull] this IApplicationBuilder app,
+            [CanBeNull] Action<DashboardOptions> setup = null)
+        {
+            Check.NotNull(app, nameof(app));
+            return app.UseHangfireDashboard("/hangfire", setup, null);
+        }
+
+        public static IApplicationBuilder UseHangfireDashboard(
+            [NotNull] this IApplicationBuilder app,
+            [CanBeNull] string pathMatch = "/hangfire",
+            [CanBeNull] Action<DashboardOptions> setup = null)
+        {
+            Check.NotNull(app, nameof(app));
+            return app.UseHangfireDashboard(pathMatch, setup, null);
+        }
+
+        public static IApplicationBuilder UseHangfireDashboard(
+            [NotNull] this IApplicationBuilder app,
+            [CanBeNull] string pathMatch = "/hangfire",
+            [CanBeNull] Action<DashboardOptions> setup = null,
+            [CanBeNull] JobStorage storage = null)
+        {
+            Check.NotNull(app, nameof(app));
+
+            var options = new DashboardOptions();
+            setup?.Invoke(options);
+
+            return app.UseHangfireDashboard(pathMatch: pathMatch, options: options, storage: storage);
+        }
+    }
+}
diff --git a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissionDefinitionProvider.cs b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissionDefinitionProvider.cs
new file mode 100644
index 000000000..c5ba7020a
--- /dev/null
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissionDefinitionProvider.cs
@@ -0,0 +1,22 @@
+using LINGYUN.Abp.MessageService.Localization;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Localization;
+
+namespace LINGYUN.Abp.MessageService.Permissions
+{
+    public class AbpMessageServicePermissionDefinitionProvider : PermissionDefinitionProvider
+    {
+        public override void Define(IPermissionDefinitionContext context)
+        {
+            var group = context.GetGroup(MessageServicePermissions.GroupName);
+
+            var hangfirePermission = group.AddPermission(AbpMessageServicePermissions.Hangfire.Default, L("Permission:Hangfire"));
+            hangfirePermission.AddChild(AbpMessageServicePermissions.Hangfire.ManageQueue, L("Permission:ManageQueue"));
+        }
+
+        private static LocalizableString L(string name)
+        {
+            return LocalizableString.Create<MessageServiceResource>(name);
+        }
+    }
+}
diff --git a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissions.cs b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissions.cs
new file mode 100644
index 000000000..ff2aeb98f
--- /dev/null
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissions.cs
@@ -0,0 +1,12 @@
+namespace LINGYUN.Abp.MessageService.Permissions
+{
+    public class AbpMessageServicePermissions
+    {
+        public class Hangfire
+        {
+            public const string Default = MessageServicePermissions.GroupName + ".Hangfire";
+
+            public const string ManageQueue = Default + ".ManageQueue";
+        }
+    }
+}