Diffstat (limited to 'src')
-rw-r--r-- | src/SMAPI.Web/Framework/JobDashboardAuthorizationFilter.cs | 34 | ||||
-rw-r--r-- | src/SMAPI.Web/Startup.cs | 8 |
2 files changed, 40 insertions, 2 deletions
diff --git a/src/SMAPI.Web/Framework/JobDashboardAuthorizationFilter.cs b/src/SMAPI.Web/Framework/JobDashboardAuthorizationFilter.cs
new file mode 100644
index 00000000..9471d5fe
--- /dev/null
+++ b/src/SMAPI.Web/Framework/JobDashboardAuthorizationFilter.cs
@@ -0,0 +1,34 @@
+using Hangfire.Dashboard;
+
+namespace StardewModdingAPI.Web.Framework
+{
+ /// <summary>Authorises requests to access the Hangfire job dashboard.</summary>
+ internal class JobDashboardAuthorizationFilter : IDashboardAuthorizationFilter
+ {
+ /*********
+ ** Fields
+ *********/
+ /// <summary>An authorization filter that allows local requests.</summary>
+ private static readonly LocalRequestsOnlyAuthorizationFilter LocalRequestsOnlyFilter = new LocalRequestsOnlyAuthorizationFilter();
+
+
+ /*********
+ ** Public methods
+ *********/
+ /// <summary>Authorise a request.</summary>
+ /// <param name="context">The dashboard context.</param>
+ public bool Authorize(DashboardContext context)
+ {
+ return
+ context.IsReadOnly // always allow readonly access
+ || JobDashboardAuthorizationFilter.IsLocalRequest(context); // else allow access from localhost
+ }
+
+ /// <summary>Get whether a request originated from a user on the server machine.</summary>
+ /// <param name="context">The dashboard context.</param>
+ public static bool IsLocalRequest(DashboardContext context)
+ {
+ return JobDashboardAuthorizationFilter.LocalRequestsOnlyFilter.Authorize(context);
+ }
+ }
+}
diff --git a/src/SMAPI.Web/Startup.cs b/src/SMAPI.Web/Startup.cs
index 552d623c..d0456df3 100644
--- a/src/SMAPI.Web/Startup.cs
+++ b/src/SMAPI.Web/Startup.cs
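Review bot: In `JobDashboardAuthorizationFilter.Authorize`, the `context.IsReadOnly` branch admits every request that Hangfire has placed in read-only mode, and with the `IsReadOnlyFunc` wired up in Startup.cs that is exactly every non-local request, so as configured this filter never rejects anyone. Read-only mode is therefore the only barrier for anonymous remote visitors, who can still browse whatever the dashboard renders (typically job names, job arguments and exception text). That may well be intended, but the code should say so at the point of decision, for example `// read-only mode is the only barrier for remote users: everything the dashboard displays is public, so jobs must not take secrets as arguments`. The class summary should also state that the filter is only meaningful together with an `IsReadOnlyFunc` that marks non-local requests read-only, since with Hangfire's default the same `Authorize` would behave as a plain local-only check.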
@@ -162,8 +162,12 @@ namespace StardewModdingAPI.Web .UseStaticFiles() // wwwroot folder .UseMvc(); - // config Hangfire - app.UseHangfireDashboard("/tasks"); + // enable Hangfire dashboard + app.UseHangfireDashboard("/tasks", new DashboardOptions + { + IsReadOnlyFunc = context => !JobDashboardAuthorizationFilter.IsLocalRequest(context), + Authorization = new[] { new JobDashboardAuthorizationFilter() } + }); } |
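Review bot: The `IsReadOnlyFunc` lambda grants a writable dashboard (trigger, requeue, delete jobs) to anything `LocalRequestsOnlyAuthorizationFilter` treats as local, and that decision rests on the connection's addresses rather than on an authenticated identity. If the site is ever served through a reverse proxy on the same machine (the deployment is not visible from this hunk), visitors' requests could arrive from loopback and all be treated as local. I would record the assumption next to the options, e.g. `// assumes requests are never proxied from this machine; otherwise every visitor counts as local and gets write access`, or tie write access to an authenticated admin check instead of locality. The enclosing method starts and ends outside the hunk.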