From 12c79dedf889b5f4f8bb27a615e1e8a4c73a101e Mon Sep 17 00:00:00 2001
From: Sebastian Stehle
Date: Sat, 18 Nov 2017 16:50:32 +0100
Subject: [PATCH] Dashboard protected.
---
 src/Squidex/Config/Orleans/SiloExtensions.cs | 27 +++++++++++++++++++
 src/Squidex/Squidex.csproj | 1 -
 src/Squidex/WebStartup.cs | 9 ++++---
 .../administration-area.component.html | 2 +-
 4 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/src/Squidex/Config/Orleans/SiloExtensions.cs b/src/Squidex/Config/Orleans/SiloExtensions.cs
index c58028dd8..db03aa84b 100644
--- a/src/Squidex/Config/Orleans/SiloExtensions.cs
+++ b/src/Squidex/Config/Orleans/SiloExtensions.cs
@@ -7,10 +7,13 @@
 // ==========================================================================
 using System.Reflection;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.Configuration;
 using Orleans;
 using Orleans.Hosting;
 using Orleans.Runtime.Configuration;
+using Squidex.Shared.Identity;
 namespace Squidex.Config.Orleans
 {
@@ -39,5 +42,29 @@ namespace Squidex.Config.Orleans
 return config;
 }
+
+ public static IApplicationBuilder UseMyOrleansDashboard(this IApplicationBuilder app)
+ {
+ app.Use(async (context, next) =>
+ {
+ var authentication = await context.AuthenticateAsync();
+
+ if (authentication.Succeeded && authentication.Principal.IsInRole(SquidexRoles.Administrator))
+ {
+ await next();
+ }
+ else
+ {
+ await context.ChallengeAsync(new AuthenticationProperties
+ {
+ RedirectUri = context.Request.PathBase + context.Request.Path
+ });
+ }
+ });
+
+ app.UseOrleansDashboard();
+
+ return app;
+ }
 }
 }
diff --git a/src/Squidex/Squidex.csproj b/src/Squidex/Squidex.csproj
index ea7cf4eb5..f07d5374b 100644
--- a/src/Squidex/Squidex.csproj
+++ b/src/Squidex/Squidex.csproj
@@ -56,7 +56,6 @@
-
diff --git a/src/Squidex/WebStartup.cs b/src/Squidex/WebStartup.cs
index 28c2e6719..190d091c2 100644
--- a/src/Squidex/WebStartup.cs
+++ b/src/Squidex/WebStartup.cs
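Review bot: In the `else` branch of the guard in `UseMyOrleansDashboard`, a signed-in user who lacks the Administrator role is sent through `ChallengeAsync` exactly like an anonymous visitor, which with a redirect-based scheme tends to bounce an already authenticated user back into the login flow instead of refusing the request. Splitting the branch keeps the two cases apart: `else if (authentication.Succeeded) { await context.ForbidAsync(); }` placed before the existing `else`. The `RedirectUri` also drops `context.Request.QueryString`, so a deep link into the dashboard loses its parameters after sign-in. `AuthenticateAsync()` is called without a scheme, so the check rests on whatever default scheme the host configures, which this hunk does not show.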
@@ -69,10 +69,6 @@ namespace Squidex
 private void MapAndUseOrleans(IApplicationBuilder app)
 {
- app.Map(Constants.OrleansPrefix, orleansApp =>
- {
- orleansApp.UseOrleansDashboard();
- });
 }
 private void MapAndUseIdentityServer(IApplicationBuilder app)
@@ -98,6 +94,11 @@ namespace Squidex
 {
 mvcApp.UseMvc();
 });
+
+ identityApp.Map(Constants.OrleansPrefix, orleansApp =>
+ {
+ orleansApp.UseMyOrleansDashboard();
+ });
 });
 }
diff --git a/src/Squidex/app/features/administration/administration-area.component.html b/src/Squidex/app/features/administration/administration-area.component.html
index af9ef753e..35258c707 100644
--- a/src/Squidex/app/features/administration/administration-area.component.html
+++ b/src/Squidex/app/features/administration/administration-area.component.html
@@ -13,7 +13,7 @@
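Review bot: `MapAndUseOrleans` is left with an empty body once the `app.Map(Constants.OrleansPrefix, ...)` call is removed, so it still reads like a registration point while doing nothing. Either delete the method together with its call site (not visible in this hunk), or leave a one-line comment in the body such as `// Dashboard is mapped inside the identity branch so the admin check can guard it.`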
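Review bot: The admin check only covers requests that enter through this `identityApp.Map(Constants.OrleansPrefix, ...)` branch; if the silo-side dashboard registration also opens its own HTTP listener, that endpoint stays reachable without the guard. The silo configuration is not part of this hunk, so it is worth confirming that self-hosting is turned off or that the port is not exposed. The move under the identity branch is presumably deliberate, so a comment above the map, e.g. `// Keep the dashboard under the identity branch: the admin guard authenticates against this pipeline.`, would stop a later refactor from moving it back to the root pipeline. The enclosing method starts above the hunk.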