Merge pull request #424 from colinin/4.4.3

fix(hangfire): 修复Hangfire仪表板权限问题
4 years ago · db834df0d4
20 changed files with 265 additions and 277 deletions
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN.Abp.Hangfire.Dashboard.csproj
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN.Abp.Hangfire.Dashboard.csproj
@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">

 	<Import Project="..\..\..\common.props" />

@ -7,18 +7,9 @@
 	  <RootNamespace />
  </PropertyGroup>

-  <ItemGroup>
-    <None Remove="LINGYUN\Abp\Hangfire\Dashboard\Localization\Resources\en.json" />
-    <None Remove="LINGYUN\Abp\Hangfire\Dashboard\Localization\Resources\zh-Hans.json" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <EmbeddedResource Include="LINGYUN\Abp\Hangfire\Dashboard\Localization\Resources\en.json" />
-    <EmbeddedResource Include="LINGYUN\Abp\Hangfire\Dashboard\Localization\Resources\zh-Hans.json" />
-  </ItemGroup>
-
 	<ItemGroup>
 		<PackageReference Include="Volo.Abp.Authorization" Version="4.4.0" />
+		<PackageReference Include="Volo.Abp.Caching" Version="4.4.0" />
 		<PackageReference Include="Volo.Abp.Hangfire" Version="4.4.0" />
 	</ItemGroup>

--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/AbpHangfireDashboardModule.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/AbpHangfireDashboardModule.cs
@ -1,36 +1,22 @@
-using LINGYUN.Abp.Hangfire.Dashboard.Localization;
-using Microsoft.Extensions.DependencyInjection;
-using Volo.Abp.Authorization;
-using Volo.Abp.Hangfire;
-using Volo.Abp.Localization;
-using Volo.Abp.Modularity;
-using Volo.Abp.VirtualFileSystem;
-
-namespace LINGYUN.Abp.Hangfire.Dashboard
-{
-    [DependsOn(
-        typeof(AbpLocalizationModule),
-        typeof(AbpAuthorizationModule),
-        typeof(AbpHangfireModule))]
-    public class AbpHangfireDashboardModule : AbpModule
-    {
-        public override void ConfigureServices(ServiceConfigurationContext context)
-        {
-            Configure<AbpVirtualFileSystemOptions>(options =>
-            {
-                options.FileSets.AddEmbedded<AbpHangfireDashboardModule>();
-            });
-
-            Configure<AbpLocalizationOptions>(options =>
-            {
-                options.Resources.Add<HangfireDashboardResource>();
-            });
-
-            context.Services.AddTransient(serviceProvider =>
-            {
-                var options = serviceProvider.GetRequiredService<AbpHangfireDashboardOptionsProvider>().Get();
-                return context.Services.ExecutePreConfiguredActions(options);
-            });
-        }
-    }
-}
+using Microsoft.Extensions.DependencyInjection;
+using Volo.Abp.Authorization;
+using Volo.Abp.Hangfire;
+using Volo.Abp.Modularity;
+
+namespace LINGYUN.Abp.Hangfire.Dashboard
+{
+    [DependsOn(
+        typeof(AbpAuthorizationModule),
+        typeof(AbpHangfireModule))]
+    public class AbpHangfireDashboardModule : AbpModule
+    {
+        public override void ConfigureServices(ServiceConfigurationContext context)
+        {
+            context.Services.AddTransient(serviceProvider =>
+            {
+                var options = serviceProvider.GetRequiredService<AbpHangfireDashboardOptionsProvider>().Get();
+                return context.Services.ExecutePreConfiguredActions(options);
+            });
+        }
+    }
+}
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/AbpHangfireDashboardOptionsProvider.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/AbpHangfireDashboardOptionsProvider.cs
@ -1,32 +1,13 @@
-using Hangfire;
-using Hangfire.Dashboard;
-using LINGYUN.Abp.Hangfire.Dashboard.Authorization;
-using Microsoft.Extensions.DependencyInjection;
-using Volo.Abp.Authorization.Permissions;
-using Volo.Abp.DependencyInjection;
-using Volo.Abp.Threading;
-
-namespace LINGYUN.Abp.Hangfire.Dashboard
-{
-    public class AbpHangfireDashboardOptionsProvider : ITransientDependency
-    {
-        public virtual DashboardOptions Get()
-        {
-            return new DashboardOptions
-            {
-                Authorization = new IDashboardAuthorizationFilter[]
-                {
-                    new DashboardAuthorizationFilter()
-                },
-                IsReadOnlyFunc = (context) =>
-                {
-                    var httpContext = context.GetHttpContext();
-                    var permissionChecker = httpContext.RequestServices.GetRequiredService<IPermissionChecker>();
-
-                    return !AsyncHelper.RunSync(async () =>
-                        await permissionChecker.IsGrantedAsync(HangfireDashboardPermissions.Dashboard.ManageJobs));
-                }
-            };
-        }
-    }
-}
+using Hangfire;
+using Volo.Abp.DependencyInjection;
+
+namespace LINGYUN.Abp.Hangfire.Dashboard
+{
+    public class AbpHangfireDashboardOptionsProvider : ITransientDependency
+    {
+        public virtual DashboardOptions Get()
+        {
+            return new DashboardOptions();
+        }
+    }
+}
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Authorization/DashboardAuthorizationFilter.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Authorization/DashboardAuthorizationFilter.cs
@ -1,32 +1,46 @@
-using Hangfire.Annotations;
-using Hangfire.Dashboard;
-using Microsoft.Extensions.DependencyInjection;
-using System.Linq;
-using Volo.Abp.Authorization.Permissions;
-using Volo.Abp.Threading;
-
-namespace LINGYUN.Abp.Hangfire.Dashboard.Authorization
-{
-    public class DashboardAuthorizationFilter : IDashboardAuthorizationFilter
-    {
-        internal readonly static string[] AllowRoutePrefixs = new string[]
-        {
-            "/stats",
-            "/js",
-            "/css",
-            "/fonts"
-        };
-        public bool Authorize([NotNull] DashboardContext context)
-        {
-            if (AllowRoutePrefixs.Any(url => context.Request.Path.StartsWith(url)))
-            {
-                return true;
-            }
-
-            var httpContext = context.GetHttpContext();
-            var permissionChecker = httpContext.RequestServices.GetRequiredService<IPermissionChecker>();
-            return AsyncHelper.RunSync(async () => 
-                await permissionChecker.IsGrantedAsync(httpContext.User, HangfireDashboardPermissions.Dashboard.Default));
-        }
-    }
-}
+using Hangfire.Dashboard;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Volo.Abp.Users;
+
+namespace LINGYUN.Abp.Hangfire.Dashboard.Authorization
+{
+    public class DashboardAuthorizationFilter : IDashboardAsyncAuthorizationFilter
+    {
+        private readonly string[] _requiredPermissionNames;
+
+        public DashboardAuthorizationFilter(params string[] requiredPermissionNames)
+        {
+            _requiredPermissionNames = requiredPermissionNames;
+        }
+
+        public async Task<bool> AuthorizeAsync(DashboardContext context)
+        {
+            if (!IsLoggedIn(context))
+            {
+                return false;
+            }
+
+            if (_requiredPermissionNames.IsNullOrEmpty())
+            {
+                return true;
+            }
+
+            return await IsPermissionGrantedAsync(context, _requiredPermissionNames);
+        }
+
+        private static bool IsLoggedIn(DashboardContext context)
+        {
+            var currentUser = context.GetHttpContext().RequestServices.GetRequiredService<ICurrentUser>();
+            return currentUser.IsAuthenticated;
+        }
+
+        private static async Task<bool> IsPermissionGrantedAsync(DashboardContext context, string[] requiredPermissionNames)
+        {
+            var permissionChecker = context.GetHttpContext().RequestServices.GetRequiredService<IDashboardPermissionChecker>();
+            return await permissionChecker.IsGrantedAsync(context, requiredPermissionNames);
+        }
+    }
+}
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Authorization/DashboardPermissionChecker.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Authorization/DashboardPermissionChecker.cs
@ -0,0 +1,48 @@
+using Hangfire.Dashboard;
+using Microsoft.Extensions.Caching.Memory;
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.DependencyInjection;
+
+namespace LINGYUN.Abp.Hangfire.Dashboard.Authorization
+{
+    public class DashboardPermissionChecker : IDashboardPermissionChecker, ITransientDependency
+    {
+        // 仪表板属于高频访问, 设定有效期的二级权限缓存
+        private readonly IMemoryCache _memoryCache;
+        private readonly IPermissionChecker _permissionChecker;
+
+        public DashboardPermissionChecker(
+            IMemoryCache memoryCache,
+            IPermissionChecker permissionChecker)
+        {
+            _memoryCache = memoryCache;
+            _permissionChecker = permissionChecker;
+        }
+
+        public virtual async Task<bool> IsGrantedAsync(DashboardContext context, string[] requiredPermissionNames)
+        {
+            var localPermissionKey = $"_HDPS:{requiredPermissionNames.JoinAsString(";")}";
+
+            if (_memoryCache.TryGetValue(localPermissionKey, out MultiplePermissionGrantResult cacheItem))
+            {
+                return cacheItem.AllGranted;
+            }
+
+            cacheItem = await _permissionChecker.IsGrantedAsync(requiredPermissionNames);
+
+            _memoryCache.Set(
+                localPermissionKey,
+                cacheItem,
+                new MemoryCacheEntryOptions
+                {
+                    // 5分钟过期
+                    AbsoluteExpiration = DateTimeOffset.Now.AddMinutes(5d),
+                });
+
+            return cacheItem.AllGranted;
+        }
+    }
+}
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Authorization/HangfireDashboardPermissionDefinitionProvider.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Authorization/HangfireDashboardPermissionDefinitionProvider.cs
@ -1,33 +0,0 @@
-using LINGYUN.Abp.Hangfire.Dashboard.Localization;
-using Volo.Abp.Authorization.Permissions;
-using Volo.Abp.Localization;
-using Volo.Abp.MultiTenancy;
-
-namespace LINGYUN.Abp.Hangfire.Dashboard.Authorization
-{
-    public class HangfireDashboardPermissionDefinitionProvider : PermissionDefinitionProvider
-    {
-        public override void Define(IPermissionDefinitionContext context)
-        {
-            var group = context.AddGroup(
-                HangfireDashboardPermissions.GroupName,
-                L("Permission:Hangfire"),
-                MultiTenancySides.Host); // 除非对Hangfire Api进行改造,否则不能区分租户
-
-            var dashboard = group.AddPermission(
-                HangfireDashboardPermissions.Dashboard.Default,
-                L("Permission:Dashboard"),
-                MultiTenancySides.Host);
-
-            dashboard.AddChild(
-                HangfireDashboardPermissions.Dashboard.ManageJobs,
-                L("Permission:ManageJobs"),
-                MultiTenancySides.Host);
-        }
-
-        private static LocalizableString L(string name)
-        {
-            return LocalizableString.Create<HangfireDashboardResource>(name);
-        }
-    }
-}
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Authorization/HangfireDashboardPermissions.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Authorization/HangfireDashboardPermissions.cs
@ -1,15 +0,0 @@
-namespace LINGYUN.Abp.Hangfire.Dashboard.Authorization
-{
-    public static class HangfireDashboardPermissions
-    {
-        public const string GroupName = "Hangfire";
-
-        public static class Dashboard
-        {
-            public const string Default = GroupName + ".Dashboard";
-
-            public const string ManageJobs = Default + ".ManageJobs";
-            // TODO: other pages...
-        }
-    }
-}
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Authorization/IDashboardPermissionChecker.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Authorization/IDashboardPermissionChecker.cs
@ -0,0 +1,10 @@
+using Hangfire.Dashboard;
+using System.Threading.Tasks;
+
+namespace LINGYUN.Abp.Hangfire.Dashboard.Authorization
+{
+    public interface IDashboardPermissionChecker
+    {
+        Task<bool> IsGrantedAsync(DashboardContext context, string[] requiredPermissionNames);
+    }
+}
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Localization/HangfireDashboardResource.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Localization/HangfireDashboardResource.cs
@ -1,9 +0,0 @@
-using Volo.Abp.Localization;
-
-namespace LINGYUN.Abp.Hangfire.Dashboard.Localization
-{
-    [LocalizationResourceName("HangfireDashboard")]
-    public class HangfireDashboardResource
-    {
-    }
-}
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Localization/Resources/en.json
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Localization/Resources/en.json
@ -1,7 +0,0 @@
-{
-  "culture": "en",
-  "texts": {
-    "Permission:Hangfire": "Hangfire",
-    "Permission:Dashboard": "Dashboard"
-  }
-}
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Localization/Resources/zh-Hans.json
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/LINGYUN/Abp/Hangfire/Dashboard/Localization/Resources/zh-Hans.json
@ -1,7 +0,0 @@
-{
-  "culture": "zh-Hans",
-  "texts": {
-    "Permission:Hangfire": "Hangfire",
-    "Permission:Dashboard": "仪表板"
-  }
-}
--- a/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/Microsoft/AspNetCore/Http/HangfireAuthoricationMiddleware.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.Hangfire.Dashboard/Microsoft/AspNetCore/Http/HangfireAuthoricationMiddleware.cs
@ -1,27 +1,27 @@
-using System.Threading.Tasks;
-using Volo.Abp.DependencyInjection;
-
-namespace Microsoft.AspNetCore.Http
-{
-    public class HangfireAuthoricationMiddleware : IMiddleware, ITransientDependency
-    {
-        public async Task InvokeAsync(HttpContext context, RequestDelegate next)
-        {
-            // 通过 iframe 加载页面的话,需要手动传递 access_token 到参数列表
-            if (context.Request.Path.StartsWithSegments("/hangfire") && 
-                context.User.Identity?.IsAuthenticated != true)
-            {
-                if (context.Request.Query.TryGetValue("access_token", out var accessTokens))
-                {
-                    context.Request.Headers.Add("Authorization", accessTokens);
-                    context.Response.Cookies.Append("access_token", accessTokens);
-                }
-                else if (context.Request.Cookies.TryGetValue("access_token", out string tokens))
-                {
-                    context.Request.Headers.Add("Authorization", tokens);
-                }
-            }
-            await next(context);
-        }
-    }
-}
+using System.Threading.Tasks;
+using Volo.Abp.DependencyInjection;
+
+namespace Microsoft.AspNetCore.Http
+{
+    public class HangfireAuthoricationMiddleware : IMiddleware, ITransientDependency
+    {
+        public async Task InvokeAsync(HttpContext context, RequestDelegate next)
+        {
+            // 通过 iframe 加载页面的话,初次传递 access_token 到 QueryString
+            if (context.Request.Path.StartsWithSegments("/hangfire") && 
+                context.User.Identity?.IsAuthenticated != true)
+            {
+                if (context.Request.Query.TryGetValue("access_token", out var accessTokens))
+                {
+                    context.Request.Headers.Add("Authorization", accessTokens);
+                    context.Response.Cookies.Append("access_token", accessTokens);
+                }
+                else if (context.Request.Cookies.TryGetValue("access_token", out string tokens))
+                {
+                    context.Request.Headers.Add("Authorization", tokens);
+                }
+            }
+            await next(context);
+        }
+    }
+}
--- a/aspnet-core/modules/message/LINGYUN.Abp.MessageService.Application.Contracts/LINGYUN/Abp/MessageService/Localization/ApplicationContracts/en.json
+++ b/aspnet-core/modules/message/LINGYUN.Abp.MessageService.Application.Contracts/LINGYUN/Abp/MessageService/Localization/ApplicationContracts/en.json
@ -4,7 +4,8 @@
    "Permission:MessageService": "Message service",
    "Permission:Notification": "Notification",
    "Permission:Delete": "Delete",
-    "Permission:Hangfire": "Hangfire dashboard",
+    "Permission:Hangfire": "Hangfire",
+    "Permission:Dashboard": "Dashboard",
    "Permission:ManageQueue": "Manage queue"
  }
 }
--- a/aspnet-core/modules/message/LINGYUN.Abp.MessageService.Application.Contracts/LINGYUN/Abp/MessageService/Localization/ApplicationContracts/zh-Hans.json
+++ b/aspnet-core/modules/message/LINGYUN.Abp.MessageService.Application.Contracts/LINGYUN/Abp/MessageService/Localization/ApplicationContracts/zh-Hans.json
@ -4,7 +4,8 @@
    "Permission:MessageService": "消息服务",
    "Permission:Notification": "通知管理",
    "Permission:Delete": "删除",
-    "Permission:Hangfire": "Hangfire仪表板",
+    "Permission:Hangfire": "Hangfire",
+    "Permission:Dashboard": "仪表板",
    "Permission:ManageQueue": "管理队列"
  }
 }
--- a/aspnet-core/modules/message/LINGYUN.Abp.MessageService.Application.Contracts/LINGYUN/Abp/MessageService/Permissions/MessageServicePermissions.cs
+++ b/aspnet-core/modules/message/LINGYUN.Abp.MessageService.Application.Contracts/LINGYUN/Abp/MessageService/Permissions/MessageServicePermissions.cs
@ -1,21 +1,23 @@
-namespace LINGYUN.Abp.MessageService.Permissions
-{
-    public class MessageServicePermissions
-    {
-        public const string GroupName = "MessageService";
-
-        public class Notification
-        {
-            public const string Default = GroupName + ".Notification";
-
-            public const string Delete = Default + ".Delete";
-        }
-
-        public class Hangfire
-        {
-            public const string Default = GroupName + ".Hangfire";
-
-            public const string ManageQueue = Default + ".ManageQueue";
-        }
-    }
-}
+namespace LINGYUN.Abp.MessageService.Permissions
+{
+    public class MessageServicePermissions
+    {
+        public const string GroupName = "MessageService";
+
+        public class Notification
+        {
+            public const string Default = GroupName + ".Notification";
+
+            public const string Delete = Default + ".Delete";
+        }
+
+        public class Hangfire
+        {
+            public const string Default = GroupName + ".Hangfire";
+
+            public const string Dashboard = Default + ".Dashboard";
+
+            public const string ManageQueue = Default + ".ManageQueue";
+        }
+    }
+}
--- a/aspnet-core/modules/message/LINGYUN.Abp.MessageService.Application.Contracts/LINGYUN/Abp/MessageService/Permissions/MessageServicePermissionsDefinitionProvider.cs
+++ b/aspnet-core/modules/message/LINGYUN.Abp.MessageService.Application.Contracts/LINGYUN/Abp/MessageService/Permissions/MessageServicePermissionsDefinitionProvider.cs
@ -1,25 +1,26 @@
-using LINGYUN.Abp.MessageService.Localization;
-using Volo.Abp.Authorization.Permissions;
-using Volo.Abp.Localization;
-
-namespace LINGYUN.Abp.MessageService.Permissions
-{
-    public class MessageServicePermissionsDefinitionProvider : PermissionDefinitionProvider
-    {
-        public override void Define(IPermissionDefinitionContext context)
-        {
-            var group = context.AddGroup(MessageServicePermissions.GroupName, L("Permission:MessageService"));
-
-            var noticeGroup = group.AddPermission(MessageServicePermissions.Notification.Default, L("Permission:Notification"));
-            noticeGroup.AddChild(MessageServicePermissions.Notification.Delete, L("Permission:Delete"));
-
-            var hangfirePermission = group.AddPermission(MessageServicePermissions.Hangfire.Default, L("Permission:Hangfire"));
-            hangfirePermission.AddChild(MessageServicePermissions.Hangfire.ManageQueue, L("Permission:ManageQueue"));
-        }
-
-        private static LocalizableString L(string name)
-        {
-            return LocalizableString.Create<MessageServiceResource>(name);
-        }
-    }
-}
+using LINGYUN.Abp.MessageService.Localization;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Localization;
+
+namespace LINGYUN.Abp.MessageService.Permissions
+{
+    public class MessageServicePermissionsDefinitionProvider : PermissionDefinitionProvider
+    {
+        public override void Define(IPermissionDefinitionContext context)
+        {
+            var group = context.AddGroup(MessageServicePermissions.GroupName, L("Permission:MessageService"));
+
+            var noticeGroup = group.AddPermission(MessageServicePermissions.Notification.Default, L("Permission:Notification"));
+            noticeGroup.AddChild(MessageServicePermissions.Notification.Delete, L("Permission:Delete"));
+
+            var hangfirePermission = group.AddPermission(MessageServicePermissions.Hangfire.Default, L("Permission:Hangfire"));
+            hangfirePermission.AddChild(MessageServicePermissions.Hangfire.Dashboard, L("Permission:Dashboard"));
+            hangfirePermission.AddChild(MessageServicePermissions.Hangfire.ManageQueue, L("Permission:ManageQueue"));
+        }
+
+        private static LocalizableString L(string name)
+        {
+            return LocalizableString.Create<MessageServiceResource>(name);
+        }
+    }
+}
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.Configure.cs
@ -1,7 +1,10 @@
 using DotNetCore.CAP;
+using Hangfire.Dashboard;
 using LINGYUN.Abp.ExceptionHandling;
+using LINGYUN.Abp.Hangfire.Dashboard.Authorization;
 using LINGYUN.Abp.Localization.CultureMap;
 using LINGYUN.Abp.MessageService.Localization;
+using LINGYUN.Abp.MessageService.Permissions;
 using LINGYUN.Abp.Serilog.Enrichers.Application;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Cors;
@ -27,6 +30,8 @@ using Volo.Abp.Localization;
 using Volo.Abp.MultiTenancy;
 using Volo.Abp.VirtualFileSystem;

+using HangfireDashboardOptions = Hangfire.DashboardOptions;
+
 namespace LINGYUN.Abp.MessageService
 {
    public partial class AbpMessageServiceHttpApiHostModule
@ -53,6 +58,19 @@ namespace LINGYUN.Abp.MessageService
            });
        }

+        private void PreCongifureHangfire()
+        {
+            PreConfigure<HangfireDashboardOptions>(options =>
+            {
+                options.AsyncAuthorization = new IDashboardAsyncAuthorizationFilter[]
+                {
+                    new DashboardAuthorizationFilter(
+                        MessageServicePermissions.Hangfire.Dashboard,
+                        MessageServicePermissions.Hangfire.ManageQueue)
+                };
+            });
+        }
+
        private void ConfigureDbContext()
        {
            // 配置Ef
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs
@ -77,6 +77,7 @@ namespace LINGYUN.Abp.MessageService
            var configuration = context.Services.GetConfiguration();

            PreConfigureApp();
+            PreCongifureHangfire();
            PreConfigureCAP(configuration);
        }

@ -110,6 +111,7 @@ namespace LINGYUN.Abp.MessageService
            // 跨域
            app.UseCors(DefaultCorsPolicyName);
            app.UseSignalRJwtToken();
+            app.UseHangfireAuthorication();
            // 认证
            app.UseAuthentication();
            app.UseAbpClaimsMap();
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/LINGYUN.Abp.MessageService.HttpApi.Host.csproj
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/LINGYUN.Abp.MessageService.HttpApi.Host.csproj
@ -71,4 +71,8 @@
    <ProjectReference Include="..\..\..\modules\wechat\LINGYUN.Abp.Notifications.WeChat.MiniProgram\LINGYUN.Abp.Notifications.WeChat.MiniProgram.csproj" />
  </ItemGroup>

+  <ItemGroup>
+    <Folder Include="Logs\" />
+  </ItemGroup>
+
 </Project>
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Properties/launchSettings.json
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Properties/launchSettings.json
@ -1,20 +1,20 @@
-{
-  "iisSettings": {
-    "windowsAuthentication": false, 
-    "anonymousAuthentication": true, 
-    "iisExpress": {
-      "applicationUrl": "http://localhost:63963",
-      "sslPort": 0
-    }
-  },
-  "profiles": {
-    "LINGYUN.Abp.MessageService.HttpApi.Host": {
-      "commandName": "Project",
-      "launchBrowser": false,
-      "applicationUrl": "http://localhost:30020",
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
-      }
-    }
-  }
-}
+{
+  "iisSettings": {
+    "windowsAuthentication": false, 
+    "anonymousAuthentication": true, 
+    "iisExpress": {
+      "applicationUrl": "http://localhost:63963",
+      "sslPort": 0
+    }
+  },
+  "profiles": {
+    "LINGYUN.Abp.MessageService.HttpApi.Host": {
+      "commandName": "Project",
+      "launchBrowser": false,
+      "applicationUrl": "http://localhost:30020",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}