garm/auth/metrics.go

package auth

import (
	"context"
	"fmt"
	"net/http"
	"strings"

	"github.com/cloudbase/garm/config"

	jwt "github.com/golang-jwt/jwt/v5"
)

type MetricsMiddleware struct {
	cfg config.JWTAuth
}

func NewMetricsMiddleware(cfg config.JWTAuth) (*MetricsMiddleware, error) {
	return &MetricsMiddleware{
		cfg: cfg,
	}, nil
}

func (m *MetricsMiddleware) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

		ctx := r.Context()
		authorizationHeader := r.Header.Get("authorization")
		if authorizationHeader == "" {
			invalidAuthResponse(w)
			return
		}

		bearerToken := strings.Split(authorizationHeader, " ")
		if len(bearerToken) != 2 {
			invalidAuthResponse(w)
			return
		}

		claims := &JWTClaims{}
		token, err := jwt.ParseWithClaims(bearerToken[1], claims, func(token *jwt.Token) (interface{}, error) {
			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
				return nil, fmt.Errorf("invalid signing method")
			}
			return []byte(m.cfg.Secret), nil
		})

		if err != nil {
			invalidAuthResponse(w)
			return
		}

		if !token.Valid {
			invalidAuthResponse(w)
			return
		}

		// we fully trust the claims
		if !claims.ReadMetrics {
			invalidAuthResponse(w)
			return
		}

		ctx = context.WithValue(ctx, isAdminKey, false)
		ctx = context.WithValue(ctx, readMetricsKey, true)

		next.ServeHTTP(w, r.WithContext(ctx))
	})
}
feat: add prometheus metrics & endpoint 2023-01-17 17:32:28 +01:00			`package auth`

			`import (`
metrics: fix review findings 2023-01-26 14:02:53 +01:00			`"context"`
feat: add prometheus metrics & endpoint 2023-01-17 17:32:28 +01:00			`"fmt"`
			`"net/http"`
			`"strings"`

Rename module This change renames the module from "garm" to "github.com/cloudbase/garm". This will make it easier to consume public functions defined in garm, by external applications, without having to resort to replace. Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com> 2023-03-12 16:01:49 +02:00			`"github.com/cloudbase/garm/config"`

Update to latest jwt Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com> 2023-12-18 16:06:03 +00:00			`jwt "github.com/golang-jwt/jwt/v5"`
feat: add prometheus metrics & endpoint 2023-01-17 17:32:28 +01:00			`)`

			`type MetricsMiddleware struct {`
			`cfg config.JWTAuth`
			`}`

metrics: fix review findings 2023-01-26 14:02:53 +01:00			`func NewMetricsMiddleware(cfg config.JWTAuth) (*MetricsMiddleware, error) {`
feat: add prometheus metrics & endpoint 2023-01-17 17:32:28 +01:00			`return &MetricsMiddleware{`
			`cfg: cfg,`
metrics: fix review findings 2023-01-26 14:02:53 +01:00			`}, nil`
feat: add prometheus metrics & endpoint 2023-01-17 17:32:28 +01:00			`}`

			`func (m *MetricsMiddleware) Middleware(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`

			`ctx := r.Context()`
			`authorizationHeader := r.Header.Get("authorization")`
			`if authorizationHeader == "" {`
			`invalidAuthResponse(w)`
			`return`
			`}`

			`bearerToken := strings.Split(authorizationHeader, " ")`
			`if len(bearerToken) != 2 {`
			`invalidAuthResponse(w)`
			`return`
			`}`

			`claims := &JWTClaims{}`
			`token, err := jwt.ParseWithClaims(bearerToken[1], claims, func(token *jwt.Token) (interface{}, error) {`
			`if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {`
			`return nil, fmt.Errorf("invalid signing method")`
			`}`
			`return []byte(m.cfg.Secret), nil`
			`})`

			`if err != nil {`
			`invalidAuthResponse(w)`
			`return`
			`}`

			`if !token.Valid {`
			`invalidAuthResponse(w)`
			`return`
			`}`

			`// we fully trust the claims`
			`if !claims.ReadMetrics {`
			`invalidAuthResponse(w)`
			`return`
			`}`

metrics: fix review findings 2023-01-26 14:02:53 +01:00			`ctx = context.WithValue(ctx, isAdminKey, false)`
			`ctx = context.WithValue(ctx, readMetricsKey, true)`

feat: add prometheus metrics & endpoint 2023-01-17 17:32:28 +01:00			`next.ServeHTTP(w, r.WithContext(ctx))`
			`})`
			`}`