mirror of https://github.com/Squidex/squidex.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 lines
1.7 KiB
47 lines
1.7 KiB
// ==========================================================================
|
|
// Squidex Headless CMS
|
|
// ==========================================================================
|
|
// Copyright (c) Squidex UG (haftungsbeschränkt)
|
|
// All rights reserved. Licensed under the MIT license.
|
|
// ==========================================================================
|
|
|
|
using System.Threading.Tasks;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Squidex.Infrastructure.Security;
|
|
using Squidex.Shared;
|
|
using Squidex.Shared.Identity;
|
|
|
|
namespace Squidex.Areas.OrleansDashboard.Middlewares
|
|
{
|
|
public sealed class OrleansDashboardAuthenticationMiddleware
|
|
{
|
|
private static readonly Permission OrleansPermissions = new Permission(Permissions.AdminOrleans);
|
|
|
|
private readonly RequestDelegate next;
|
|
|
|
public OrleansDashboardAuthenticationMiddleware(RequestDelegate next)
|
|
{
|
|
this.next = next;
|
|
}
|
|
|
|
public async Task Invoke(HttpContext context)
|
|
{
|
|
var authentication = await context.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
|
|
if (!authentication.Succeeded || !authentication.Principal.Permissions().Allows(OrleansPermissions))
|
|
{
|
|
await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
|
|
{
|
|
RedirectUri = context.Request.PathBase + context.Request.Path
|
|
});
|
|
}
|
|
else
|
|
{
|
|
await next(context);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|