From e3b1c5d61270edc1256baf0402b0e14d4da80354 Mon Sep 17 00:00:00 2001
From: Konrad Wojas <github@m.wojas.nl>
Date: Thu, 7 Jan 2021 14:36:33 +0800
Subject: [PATCH] Metrics: require user 'metrics' for private repo mode

To match previous behaviour, require username 'metrics' when private
repo mode is enabled.
---
 mux.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/mux.go b/mux.go
index 6ed3e08..b18a5c3 100644
--- a/mux.go
+++ b/mux.go
@@ -45,9 +45,14 @@ func (s *Server) checkAuth(r *http.Request) (username string, ok bool) {
 	return username, true
 }
 
-func (s *Server) wrapAuth(f http.HandlerFunc) http.HandlerFunc {
+func (s *Server) wrapMetricsAuth(f http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if _, ok := s.checkAuth(r); !ok {
+		username, ok := s.checkAuth(r)
+		if !ok {
+			httpDefaultError(w, http.StatusUnauthorized)
+			return
+		}
+		if s.PrivateRepos && username != "metrics" {
 			httpDefaultError(w, http.StatusUnauthorized)
 			return
 		}
@@ -80,7 +85,7 @@ func NewHandler(server *Server) (http.Handler, error) {
 		if server.PrometheusNoAuth {
 			mux.Handle("/metrics", promhttp.Handler())
 		} else {
-			mux.HandleFunc("/metrics", server.wrapAuth(promhttp.Handler().ServeHTTP))
+			mux.HandleFunc("/metrics", server.wrapMetricsAuth(promhttp.Handler().ServeHTTP))
 		}
 	}
 	mux.Handle("/", server)