Dashboard protected.

9 years ago · 12c79dedf8
4 changed files with 33 additions and 6 deletions
--- a/src/Squidex/Config/Orleans/SiloExtensions.cs
+++ b/src/Squidex/Config/Orleans/SiloExtensions.cs
@ -7,10 +7,13 @@
 // ==========================================================================

 using System.Reflection;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.Configuration;
 using Orleans;
 using Orleans.Hosting;
 using Orleans.Runtime.Configuration;
+using Squidex.Shared.Identity;

 namespace Squidex.Config.Orleans
 {
@ -39,5 +42,29 @@ namespace Squidex.Config.Orleans

            return config;
        }
+
+        public static IApplicationBuilder UseMyOrleansDashboard(this IApplicationBuilder app)
+        {
+            app.Use(async (context, next) =>
+            {
+                var authentication = await context.AuthenticateAsync();
+
+                if (authentication.Succeeded && authentication.Principal.IsInRole(SquidexRoles.Administrator))
+                {
+                    await next();
+                }
+                else
+                {
+                    await context.ChallengeAsync(new AuthenticationProperties
+                    {
+                        RedirectUri = context.Request.PathBase + context.Request.Path
+                    });
+                }
+            });
+
+            app.UseOrleansDashboard();
+
+            return app;
+        }
    }
 }
--- a/src/Squidex/Squidex.csproj
+++ b/src/Squidex/Squidex.csproj
@ -56,7 +56,6 @@
    <PackageReference Include="Microsoft.AspNetCore.Authentication.Cookies" Version="2.0.1" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="2.0.1" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.MicrosoftAccount" Version="2.0.1" />
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Redis" Version="0.3.1" />
    <PackageReference Include="Microsoft.AspNetCore.HttpOverrides" Version="2.0.1" />
    <PackageReference Include="Microsoft.AspNetCore.Identity" Version="2.0.1" />
    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.0.1" />
--- a/src/Squidex/WebStartup.cs
+++ b/src/Squidex/WebStartup.cs
@ -69,10 +69,6 @@ namespace Squidex

        private void MapAndUseOrleans(IApplicationBuilder app)
        {
-            app.Map(Constants.OrleansPrefix, orleansApp =>
-            {
-                orleansApp.UseOrleansDashboard();
-            });
        }

        private void MapAndUseIdentityServer(IApplicationBuilder app)
@ -98,6 +94,11 @@ namespace Squidex
                {
                    mvcApp.UseMvc();
                });
+
+                identityApp.Map(Constants.OrleansPrefix, orleansApp =>
+                {
+                    orleansApp.UseMyOrleansDashboard();
+                });
            });
        }

--- a/src/Squidex/app/features/administration/administration-area.component.html
+++ b/src/Squidex/app/features/administration/administration-area.component.html
@ -13,7 +13,7 @@
            </a>
        </li>
        <li class="nav-item">
-            <a class="nav-link" href="/orleans/" target="_blank" routerLinkActive="active">
+            <a class="nav-link" href="/identity-server/orleans/" target="_blank" routerLinkActive="active">
                <i class="nav-icon icon-orleans"></i> <div class="nav-text">Orleans</div>
            </a>
        </li>