check metrics password

6 months ago · 306db4b46c
3 changed files with 60 additions and 22 deletions
--- a/src/server/routes/metrics/index.get.ts
+++ b/src/server/routes/metrics/index.get.ts
@ -1,14 +1,4 @@
-export default defineEventHandler(async (event) => {
-  // TODO: check password
-
-  const prometheus = await Database.metrics.prometheus.get('wg0');
-  if (!prometheus) {
-    throw createError({
-      statusCode: 400,
-      message: 'Prometheus metrics are not enabled',
-    });
-  }
-
+export default defineMetricsHandler('prometheus', async ({ event }) => {
  setHeader(event, 'Content-Type', 'text/plain');
  return getPrometheusResponse();
 });
--- a/src/server/routes/metrics/json.get.ts
+++ b/src/server/routes/metrics/json.get.ts
@ -1,13 +1,3 @@
-export default defineEventHandler(async () => {
-  // TODO: check password
-
-  const prometheus = await Database.metrics.prometheus.get('wg0');
-  if (!prometheus) {
-    throw createError({
-      statusCode: 400,
-      message: 'Prometheus metrics are not enabled',
-    });
-  }
-
+export default defineMetricsHandler('prometheus', async () => {
  return getMetricsJSON();
 });
--- a/src/server/utils/handler.ts
+++ b/src/server/utils/handler.ts
@ -57,3 +57,61 @@ export const defineSetupEventHandler = <
    return await handler({ event, setup });
  });
 };
+
+type Metrics = 'prometheus';
+
+type MetricsHandler<
+  TReq extends EventHandlerRequest,
+  TRes extends EventHandlerResponse,
+> = { (params: { event: H3Event<TReq> }): TRes };
+
+/**
+ * check if the metrics are enabled and the token is correct
+ */
+export const defineMetricsHandler = <
+  TReq extends EventHandlerRequest,
+  TRes extends EventHandlerResponse,
+>(
+  type: Metrics,
+  handler: MetricsHandler<TReq, TRes>
+) => {
+  return defineEventHandler(async (event) => {
+    const auth = getHeader(event, 'Authorization');
+
+    if (!auth) {
+      throw createError({
+        statusCode: 401,
+        statusMessage: 'Unauthorized',
+      });
+    }
+
+    const [method, value] = auth.split(' ');
+
+    if (method !== 'Bearer' || !value) {
+      throw createError({
+        statusCode: 401,
+        statusMessage: 'Bearer Auth required',
+      });
+    }
+
+    const metricsConfig = await Database.metrics[type].get('wg0');
+
+    if (!metricsConfig) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Metrics not enabled',
+      });
+    }
+
+    const tokenValid = await isPasswordValid(value, metricsConfig.password);
+
+    if (!tokenValid) {
+      throw createError({
+        statusCode: 401,
+        statusMessage: 'Incorrect token',
+      });
+    }
+
+    return await handler({ event });
+  });
+};