gitea/routers/web/metrics.go

// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package web

import (
	"crypto/subtle"
	"net/http"

	"code.gitea.io/gitea/modules/setting"

	"github.com/prometheus/client_golang/prometheus/promhttp"
)

// Metrics validate auth token and render prometheus metrics
func Metrics(resp http.ResponseWriter, req *http.Request) {
	if setting.Metrics.Token == "" {
		promhttp.Handler().ServeHTTP(resp, req)
		return
	}
	header := req.Header.Get("Authorization")
	if header == "" {
		http.Error(resp, "", http.StatusUnauthorized)
		return
	}
	got := []byte(header)
	want := []byte("Bearer " + setting.Metrics.Token)
	if subtle.ConstantTimeCompare(got, want) != 1 {
		http.Error(resp, "", http.StatusUnauthorized)
		return
	}
	promhttp.Handler().ServeHTTP(resp, req)
}
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00			`// Copyright 2018 The Gitea Authors. All rights reserved.`
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com> 2022-11-27 11:20:29 -07:00			`// SPDX-License-Identifier: MIT`
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00
Refactor routers directory (#15800) * refactor routers directory * move func used for web and api to common * make corsHandler a function to prohibit side efects * rm unused func Co-authored-by: 6543 <6543@obermui.de> 2021-06-08 17:33:54 -06:00			`package web`
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00
			`import (`
routers: do not leak secrets via timing side channel (#7364) * routers: do not leak secrets via timing side channel * routers/repo: do not leak secrets via timing side channel 2019-07-06 11:03:13 -06:00			`"crypto/subtle"`
Move metrics from macaron to chi (#13601) 2020-11-17 13:50:06 -07:00			`"net/http"`
routers: do not leak secrets via timing side channel (#7364) * routers: do not leak secrets via timing side channel * routers/repo: do not leak secrets via timing side channel 2019-07-06 11:03:13 -06:00
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00			`"code.gitea.io/gitea/modules/setting"`
Use gitea forked macaron (#7933) Signed-off-by: Tamal Saha <tamal@appscode.com> 2019-08-23 10:40:30 -06:00
			`"github.com/prometheus/client_golang/prometheus/promhttp"`
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00			`)`

			`// Metrics validate auth token and render prometheus metrics`
Move metrics from macaron to chi (#13601) 2020-11-17 13:50:06 -07:00			`func Metrics(resp http.ResponseWriter, req *http.Request) {`
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00			`if setting.Metrics.Token == "" {`
Move metrics from macaron to chi (#13601) 2020-11-17 13:50:06 -07:00			`promhttp.Handler().ServeHTTP(resp, req)`
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00			`return`
			`}`
Move metrics from macaron to chi (#13601) 2020-11-17 13:50:06 -07:00			`header := req.Header.Get("Authorization")`
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00			`if header == "" {`
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect 2022-03-22 22:54:07 -06:00			`http.Error(resp, "", http.StatusUnauthorized)`
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00			`return`
			`}`
routers: do not leak secrets via timing side channel (#7364) * routers: do not leak secrets via timing side channel * routers/repo: do not leak secrets via timing side channel 2019-07-06 11:03:13 -06:00			`got := []byte(header)`
			`want := []byte("Bearer " + setting.Metrics.Token)`
			`if subtle.ConstantTimeCompare(got, want) != 1 {`
Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect 2022-03-22 22:54:07 -06:00			`http.Error(resp, "", http.StatusUnauthorized)`
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00			`return`
			`}`
Move metrics from macaron to chi (#13601) 2020-11-17 13:50:06 -07:00			`promhttp.Handler().ServeHTTP(resp, req)`
Prometheus endpoint (#5256) * Add prometheus collector and route * dep ensure -add github.com/prometheus/client_golang/prometheus * dep ensure -update github.com/golang/protobuf * add metrics to reserved usernames * add comment head in metrics package * fix style imports * add metrics settings * add bearer token check * mapping metrics configs * fix lint * update config cheat sheet * update conf sample, typo fix 2018-11-04 20:20:00 -07:00			`}`