diff --git a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs index d12a51e50..1e9817511 100644 --- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs +++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs @@ -216,11 +216,20 @@ namespace LINGYUN.Abp.MessageService Configure(options => { + if (configuration.GetSection("Hangfire:Dashboard:WhiteList").Exists()) + { + options.WithWhite( + configuration["Hangfire:Dashboard:WhiteList"] + .Split(",", StringSplitOptions.RemoveEmptyEntries) + .Select(o => o.RemovePostFix("/")) + .ToArray()); + } + options.WithOrigins( configuration["App:CorsOrigins"] - .Split(",", StringSplitOptions.RemoveEmptyEntries) - .Select(o => o.RemovePostFix("/")) - .ToArray() + .Split(",", StringSplitOptions.RemoveEmptyEntries) + .Select(o => o.RemovePostFix("/")) + .ToArray() ); }); diff --git a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Authorization/HangfireDashboardAuthorizationFilter.cs b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Authorization/HangfireDashboardAuthorizationFilter.cs index 29862f433..88eccea47 100644 --- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Authorization/HangfireDashboardAuthorizationFilter.cs +++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Authorization/HangfireDashboardAuthorizationFilter.cs @@ -20,12 +20,6 @@ namespace LINGYUN.Abp.MessageService.Authorization public bool Authorize([NotNull] DashboardContext context) { - // 本地请求 - if (LocalRequestOnlyAuthorize(context)) - { - return true; - } - // 放行路径 if (AllowGrantPath.Contains(context.Request.Path)) { 
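Review bot: The entries passed to the new `options.WithWhite(...)` call are split on commas but never trimmed, so a value such as `127.0.0.1, 10.0.0.5` (constructed example) leaves a leading space on the second entry, which can then never match the exact string comparison in `IpAllow`. `RemovePostFix("/")` looks carried over from the CORS origins call below and does nothing useful for IP addresses; I would use `.Select(o => o.Trim())` instead. A comment above the `if` would also help, for example `// Addresses under Hangfire:Dashboard:WhiteList bypass the dashboard permission check; keep the list minimal.` The enclosing method starts and ends outside the hunk.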
@@ -37,6 +31,12 @@ namespace LINGYUN.Abp.MessageService.Authorization if (options != null) { + // 白名单检查 + if (!context.Request.RemoteIpAddress.IsNullOrWhiteSpace() + && options.IpAllow(context.Request.RemoteIpAddress)) + { + return true; + } // 请求路径对应的权限检查 // TODO: 怎么来传递用户身份令牌? var permission = options.GetPermission(context.Request.Path); @@ -69,25 +69,5 @@ namespace LINGYUN.Abp.MessageService.Authorization } return base.Equals(obj); } - - protected virtual bool LocalRequestOnlyAuthorize(DashboardContext context) - { - if (string.IsNullOrEmpty(context.Request.RemoteIpAddress)) - { - return false; - } - - if (context.Request.RemoteIpAddress == "127.0.0.1" || context.Request.RemoteIpAddress == "::1") - { - return true; - } - - if (context.Request.RemoteIpAddress == context.Request.LocalIpAddress) - { - return true; - } - - return false; - } } } diff --git a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/HangfireDashboardRouteOptions.cs b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/HangfireDashboardRouteOptions.cs index ee9ea7213..3aa788757 100644 --- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/HangfireDashboardRouteOptions.cs +++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/HangfireDashboardRouteOptions.cs @@ -1,4 +1,5 @@ using LINGYUN.Abp.MessageService.Permissions; +using System; using System.Collections.Generic; using System.Linq; 
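Review bot: The new allowlist branch returns `true` before `options.GetPermission(context.Request.Path)` is evaluated, so any request whose `RemoteIpAddress` is on the list gets the whole dashboard with no permission check. The `WhiteList` doc comment in HangfireDashboardRouteOptions suggests adding the gateway address; if the dashboard is reached through that gateway, every proxied request presumably carries the gateway's address and the permission check below would never run for those callers. I would keep the list to loopback or dedicated operator hosts, or make the allowlist an additional condition rather than a replacement for the permission check. A comment here should say so, for example `// Allowlisted addresses skip permission checks: do not list a shared proxy or gateway.` `Authorize` starts and ends outside this hunk.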
@@ -7,12 +8,30 @@ namespace Hangfire public class HangfireDashboardRouteOptions { public IList AllowFrameOrigins { get; } + /// + /// 白名单 + /// 添加网关地址 + /// + public IList WhiteList { get; } public IDictionary RoutePermissions { get; } public HangfireDashboardRouteOptions() { + WhiteList = new List(); AllowFrameOrigins = new List(); RoutePermissions = new Dictionary(); InitDefaultRoutes(); + WithWhite("127.0.0.1"); + WithWhite("::1"); + } + + public bool IpAllow(string ipaddress) + { + return WhiteList.Any(ip => ip == ipaddress); + } + + public void WithWhite(params string[] wgites) + { + WhiteList.AddIfNotContains(wgites); } public void WithOrigins(params string[] origins)
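Review bot: `IpAllow` compares addresses as raw strings, so an allowlisted `127.0.0.1` will not match the same peer reported as `::ffff:127.0.0.1`, and two different spellings of one IPv6 address will not match either. Parsing both sides with `IPAddress` (needs `using System.Net;`) makes the check compare addresses rather than text, as sketched below. The parameter name `wgites` in `WithWhite` looks like a typo for `whites`. The `WhiteList` summary should also state that listed addresses bypass the dashboard permission check and that loopback is always added by the constructor, which matters if a reverse proxy runs on the same host (deployment is not visible in this diff). The class continues past the end of the hunk.

```csharp
public bool IpAllow(string ipaddress)
{
    if (!IPAddress.TryParse(ipaddress, out var remote))
    {
        return false;
    }

    // Normalise IPv4-mapped IPv6 so "::ffff:127.0.0.1" matches "127.0.0.1".
    if (remote.IsIPv4MappedToIPv6)
    {
        remote = remote.MapToIPv4();
    }

    return WhiteList.Any(ip => IPAddress.TryParse(ip, out var allowed) && allowed.Equals(remote));
}

// … unchanged: WithWhite, WithOrigins …
```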