enable readonly access to job dashboard when deployed (#651)

1 files changed, 34 insertions, 0 deletions

diff --git a/src/SMAPI.Web/Framework/JobDashboardAuthorizationFilter.cs b/src/SMAPI.Web/Framework/JobDashboardAuthorizationFilter.cs
new file mode 100644
index 00000000..9471d5fe
--- /dev/null
+++ b/src/SMAPI.Web/Framework/JobDashboardAuthorizationFilter.cs
@@ -0,0 +1,34 @@
+using Hangfire.Dashboard;
+
+namespace StardewModdingAPI.Web.Framework
+{
+    /// <summary>Authorises requests to access the Hangfire job dashboard.</summary>
+    internal class JobDashboardAuthorizationFilter : IDashboardAuthorizationFilter
+    {
+        /*********
+        ** Fields
+        *********/
+        /// <summary>An authorization filter that allows local requests.</summary>
+        private static readonly LocalRequestsOnlyAuthorizationFilter LocalRequestsOnlyFilter = new LocalRequestsOnlyAuthorizationFilter();
+
+
+        /*********
+        ** Public methods
+        *********/
+        /// <summary>Authorise a request.</summary>
+        /// <param name="context">The dashboard context.</param>
+        public bool Authorize(DashboardContext context)
+        {
+            return
+                context.IsReadOnly // always allow readonly access
+                || JobDashboardAuthorizationFilter.IsLocalRequest(context); // else allow access from localhost
+        }
+
+        /// <summary>Get whether a request originated from a user on the server machine.</summary>
+        /// <param name="context">The dashboard context.</param>
+        public static bool IsLocalRequest(DashboardContext context)
+        {
+            return JobDashboardAuthorizationFilter.LocalRequestsOnlyFilter.Authorize(context);
+        }
+    }
+}