yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
85d35b3a69f4cb7552250fe3a044a60f6c9b6ffa
Umbraco-CMS/src/Umbraco.Web.Common/Profiler/ConfigureMiniProfilerOptions.cs

55 lines
2.2 KiB
C#
Raw Blame History

using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;
using OpenIddict.Abstractions;
using StackExchange.Profiling;
using Umbraco.Cms.Core.Configuration.Models;
using Umbraco.Cms.Core.Hosting;
using Umbraco.Cms.Core.Routing;
using Umbraco.Cms.Core.Security;
using Umbraco.Extensions;
namespace Umbraco.Cms.Web.Common.Profiler;
internal sealed class ConfigureMiniProfilerOptions : IConfigureOptions<MiniProfilerOptions>
{
private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;
private readonly string _backOfficePath;
public ConfigureMiniProfilerOptions(
IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
IOptions<GlobalSettings> globalSettings,
IHostingEnvironment hostingEnvironment)
{
_backOfficeSecurityAccessor = backOfficeSecurityAccessor;
_backOfficePath = globalSettings.Value.GetBackOfficePath(hostingEnvironment);
}
public void Configure(MiniProfilerOptions options)
{
options.RouteBasePath = WebPath.Combine(_backOfficePath, "profiler");
// WebProfiler determine and start profiling. We should not use the MiniProfilerMiddleware to also profile
options.ShouldProfile = request => false;
options.IgnoredPaths.Clear();
options.IgnoredPaths.Add(WebPath.Combine(_backOfficePath, "swagger"));
options.IgnoredPaths.Add(WebPath.Combine(options.RouteBasePath, "results-list"));
options.IgnoredPaths.Add(WebPath.Combine(options.RouteBasePath, "results-index"));
options.IgnoredPaths.Add(WebPath.Combine(options.RouteBasePath, "results"));
options.ResultsAuthorizeAsync = IsBackofficeUserAuthorized;
options.ResultsListAuthorizeAsync = IsBackofficeUserAuthorized;
}
private async Task<bool> IsBackofficeUserAuthorized(HttpRequest request)
{
AuthenticateResult authenticateResult = await request.HttpContext.AuthenticateBackOfficeAsync();
ClaimsIdentity? identity = authenticateResult.Principal?.GetUmbracoIdentity();
return identity?.GetClaims(Core.Constants.Security.AllowedApplicationsClaimType)
.InvariantContains(Core.Constants.Applications.Settings) ?? false;
}
}
Reference in New Issue View Git Blame Copy Permalink