6 changed files with 115 additions and 3 deletions
@ -5,9 +5,9 @@ Single sign-on authentication and authorization service for rxbn.de services |
|||
# start server |
|||
## regular |
|||
```sh |
|||
$ DB_URL="mongodb://user:[email protected]:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" node app.js |
|||
$ DB_URL="mongodb://user:[email protected]:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" PROMETHEUS_USER="authUsername" PROMETHEUS_PW="authPassword" node app.js |
|||
``` |
|||
## debug |
|||
```sh |
|||
$ DB_URL="mongodb://user:[email protected]:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" NODE_ENV=debug node app.js |
|||
$ DB_URL="mongodb://user:[email protected]:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" PROMETHEUS_USER="authUsername" PROMETHEUS_PW="authPassword" NODE_ENV=debug node app.js |
|||
``` |
|||
|
@ -0,0 +1,63 @@ |
|||
/* |
|||
* This file is part of the authRXBN single sign-on package. |
|||
* |
|||
* (c) Ruben Meyer <contact@rxbn.de> |
|||
*/ |
|||
|
|||
// init
|
|||
var methods = {}; |
|||
|
|||
let client = require('prom-client'); |
|||
client.collectDefaultMetrics(); // collect system info
|
|||
|
|||
let register = client.register; |
|||
|
|||
let metrics = {}; |
|||
|
|||
var cfg = require(global['__dirname']+'/bin/config'); |
|||
|
|||
/** |
|||
* get a metric |
|||
* @author Ruben Meyer |
|||
* @param {String} name metric name |
|||
* @return {Metric} |
|||
*/ |
|||
methods.getMetric = (name) => { |
|||
return metrics[name]; |
|||
} |
|||
|
|||
/** |
|||
* add a metric |
|||
* @author Ruben Meyer |
|||
* @param {String} name metric name |
|||
* @param {Metric} metric metric object |
|||
* @param {Boolean} overwrite overwrite parameter to overwrite metric if it already exists |
|||
* @return {Boolean} |
|||
*/ |
|||
methods.addMetric = (name, metric, overwrite = false) => { |
|||
if(name in metrics && !overwrite) |
|||
return false; |
|||
|
|||
metrics[name] = metric; |
|||
return true; |
|||
}; |
|||
|
|||
/** |
|||
* get the metrics register |
|||
* @author Ruben Meyer |
|||
* @return {Object} |
|||
*/ |
|||
methods.getRegister = () => { |
|||
return register; |
|||
}; |
|||
|
|||
/** |
|||
* get the metrics client |
|||
* @author Ruben Meyer |
|||
* @return {Object} |
|||
*/ |
|||
methods.getClient = () => { |
|||
return client; |
|||
}; |
|||
|
|||
module.exports = methods; |
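Review bot: `metrics` is a plain object literal and `addMetric` tests `name in metrics`, which also matches inherited keys such as `constructor` or `toString`, so `addMetric` would refuse those names and `getMetric` would return the inherited function for them. Creating the store with `let metrics = Object.create(null);` (or using a `Map`) avoids that. `cfg` is required but not used anywhere in this file, and the `methods.getMetric` assignment is the only one without a trailing semicolon.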
@ -0,0 +1,44 @@ |
|||
let promClient = global['requireModule']('prometheus'); |
|||
let cfg = require(global['__dirname']+'/bin/config'); |
|||
let crypto = require('crypto'); |
|||
|
|||
module.exports = { |
|||
path: "/prometheus", |
|||
/** |
|||
* let prometheus query metrics |
|||
* @url /api/prometheus |
|||
* @method GET |
|||
*/ |
|||
get: async (req, res) => { |
|||
// base64 encoded header
|
|||
let b64auth = (req.headers.authorization || '').split(' ')[1] || ''; |
|||
let [user, password] = Buffer.from(b64auth, 'base64').toString().split(':'); |
|||
|
|||
// if request can be authenticated
|
|||
if( |
|||
user |
|||
&& password |
|||
&& user.length == cfg.prometheus.auth_user.length |
|||
&& password.length == cfg.prometheus.auth_pass.length |
|||
&& crypto.timingSafeEqual( |
|||
Buffer.from(password, 'hex'), |
|||
Buffer.from(cfg.prometheus.auth_pass, 'hex') |
|||
) |
|||
&& crypto.timingSafeEqual( |
|||
Buffer.from(user, 'hex'), |
|||
Buffer.from(cfg.prometheus.auth_user, 'hex') |
|||
) |
|||
) { |
|||
res.set('Content-Type', promClient.getRegister().contentType); |
|||
return res.end(await promClient.getRegister().metrics()); |
|||
|
|||
// user is not logged in
|
|||
} else { |
|||
res.set('WWW-Authenticate', 'Basic realm="401"') // change this
|
|||
return res.type('json').end(JSON.stringify({ |
|||
status: 401, |
|||
message: 'msg.auth.login.required' |
|||
})); |
|||
} |
|||
} |
|||
}; |
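Review bot: The credential check in the `get` handler decodes both sides with `Buffer.from(…, 'hex')`, and Node stops hex decoding at the first non-hex character, so for values like the README's `authUsername`/`authPassword` both buffers come out empty, `crypto.timingSafeEqual` returns true, and the check rests on the two length comparisons alone. Compare the raw strings instead, ideally as SHA-256 digests so the length pre-check (which reveals the configured lengths) is no longer needed, and fail closed when the configured values are unset. The 401 branch never calls `res.status(401)`, so the rejection is presumably sent with status 200, and `split(':')` discards everything after a second colon, so a password containing `:` can never match. A sketch of the handler follows.

```javascript
// compare fixed-length digests so neither length nor encoding affects the result
const safeEqual = (a, b) => crypto.timingSafeEqual(
  crypto.createHash('sha256').update(a).digest(),
  crypto.createHash('sha256').update(b).digest()
);

// … unchanged: module.exports, path, route doc comment …
  get: async (req, res) => {
    let b64auth = (req.headers.authorization || '').split(' ')[1] || '';
    let decoded = Buffer.from(b64auth, 'base64').toString();
    // split on the first colon only; the password itself may contain ':'
    let sep = decoded.indexOf(':');
    let user = sep < 0 ? decoded : decoded.slice(0, sep);
    let password = sep < 0 ? '' : decoded.slice(sep + 1);

    let expectedUser = cfg.prometheus.auth_user;
    let expectedPass = cfg.prometheus.auth_pass;
    // fail closed when no credentials are configured
    let configured = typeof expectedUser === 'string' && expectedUser.length > 0
      && typeof expectedPass === 'string' && expectedPass.length > 0;

    // evaluate both comparisons before combining them
    let userOk = configured && safeEqual(user, expectedUser);
    let passOk = configured && safeEqual(password, expectedPass);

    if(userOk && passOk) {
      // … unchanged: send register contentType and metrics …
    } else {
      res.set('WWW-Authenticate', 'Basic realm="401"');
      return res.status(401).type('json').end(JSON.stringify({
        // … unchanged: status and message fields …
      }));
    }
```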