Prometheus: keep auth by default

Restore the previous behaviour where the Prometheus /metrics endpoint
required auth if auth was enabled.

A new -prometheus-no-auth flag allows you to override this and disable
auth for that specific endpoint.
Konrad Wojas 2021-01-04 20:23:26 +08:00 committed by Alexander Neumann
parent 32c138aa84
commit 9db2d52fbe
3 changed files with 31 additions and 16 deletions


@ -50,6 +50,7 @@ func init() {
flags.BoolVar(&server.AppendOnly, "append-only", server.AppendOnly, "enable append only mode") flags.BoolVar(&server.AppendOnly, "append-only", server.AppendOnly, "enable append only mode")
flags.BoolVar(&server.PrivateRepos, "private-repos", server.PrivateRepos, "users can only access their private repo") flags.BoolVar(&server.PrivateRepos, "private-repos", server.PrivateRepos, "users can only access their private repo")
flags.BoolVar(&server.Prometheus, "prometheus", server.Prometheus, "enable Prometheus metrics") flags.BoolVar(&server.Prometheus, "prometheus", server.Prometheus, "enable Prometheus metrics")
flags.BoolVar(&server.Prometheus, "prometheus-no-auth", server.PrometheusNoAuth, "disable auth for Prometheus /metrics endpoint")
flags.BoolVarP(&showVersion, "version", "V", showVersion, "output version and exit") flags.BoolVarP(&showVersion, "version", "V", showVersion, "output version and exit")
} }
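Review bot: The added `prometheus-no-auth` line in init() binds the flag to `&server.Prometheus` instead of `&server.PrometheusNoAuth`, so passing `-prometheus-no-auth` flips the `Prometheus` field (enabling metrics on its own) and never sets `PrometheusNoAuth`; the `else` branch in NewHandler would then always wrap /metrics in auth and the new flag has no effect. The default argument on the same line already reads `server.PrometheusNoAuth`, which suggests the pointer is a copy-paste slip from the line above. The line should read `flags.BoolVar(&server.PrometheusNoAuth, "prometheus-no-auth", server.PrometheusNoAuth, "disable auth for Prometheus /metrics endpoint")`. A small test that parses `-prometheus-no-auth` and asserts `server.PrometheusNoAuth` is true and `server.Prometheus` is unchanged would catch this class of mistake.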


@ -14,20 +14,21 @@ import (
// Server encapsulates the rest-server's settings and repo management logic // Server encapsulates the rest-server's settings and repo management logic
type Server struct { type Server struct {
Path string Path string
Listen string Listen string
Log string Log string
CPUProfile string CPUProfile string
TLSKey string TLSKey string
TLSCert string TLSCert string
TLS bool TLS bool
NoAuth bool NoAuth bool
AppendOnly bool AppendOnly bool
PrivateRepos bool PrivateRepos bool
Prometheus bool Prometheus bool
Debug bool PrometheusNoAuth bool
MaxRepoSize int64 Debug bool
PanicOnError bool MaxRepoSize int64
PanicOnError bool
htpasswdFile *HtpasswdFile htpasswdFile *HtpasswdFile
quotaManager *quota.Manager quotaManager *quota.Manager

mux.go

@ -45,6 +45,16 @@ func (s *Server) checkAuth(r *http.Request) (username string, ok bool) {
return username, true return username, true
} }
func (s *Server) wrapAuth(f http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if _, ok := s.checkAuth(r); !ok {
httpDefaultError(w, http.StatusUnauthorized)
return
}
f(w, r)
}
}
// NewHandler returns the master HTTP multiplexer/router. // NewHandler returns the master HTTP multiplexer/router.
func NewHandler(server *Server) (http.Handler, error) { func NewHandler(server *Server) (http.Handler, error) {
if !server.NoAuth { if !server.NoAuth {
@ -67,8 +77,11 @@ func NewHandler(server *Server) (http.Handler, error) {
mux := http.NewServeMux() mux := http.NewServeMux()
if server.Prometheus { if server.Prometheus {
// FIXME: need auth like in previous version? if server.PrometheusNoAuth {
mux.Handle("/metrics", promhttp.Handler()) mux.Handle("/metrics", promhttp.Handler())
} else {
mux.HandleFunc("/metrics", server.wrapAuth(promhttp.Handler().ServeHTTP))
}
} }
mux.Handle("/", server) mux.Handle("/", server)