web,prometheus - initial support

2020-09-26 22:23:52 +02:00 · 2020-09-26 22:23:52 +02:00 · b3d0896f51
commit b3d0896f51
parent e2de57ea0a
6 changed files with 115 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -5,9 +5,9 @@ Single sign-on authentication and authorization service for rxbn.de services
 # start server
 ## regular
 ```sh
-$ DB_URL="mongodb://user:pass@ip:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" node app.js
+$ DB_URL="mongodb://user:pass@ip:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" PROMETHEUS_USER="authUsername" PROMETHEUS_PW="authPassword" node app.js
 ```
 ## debug
 ```sh
-$ DB_URL="mongodb://user:pass@ip:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" NODE_ENV=debug node app.js
+$ DB_URL="mongodb://user:pass@ip:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" PROMETHEUS_USER="authUsername" PROMETHEUS_PW="authPassword" NODE_ENV=debug node app.js
 ```
--- a/app.js
+++ b/app.js
@ -16,7 +16,7 @@ let load = global['requireModule'] = (name) => {
 };

 // environment variable check
-let env_vars = ["DB_URL", "DB_NAME", "SESSION_KEY", "COOKIE_KEY"];
+let env_vars = ["DB_URL", "DB_NAME", "SESSION_KEY", "COOKIE_KEY", "PROMETHEUS_USER", "PROMETHEUS_PW"];
 let env_missing = false;
 env_vars.forEach((el) => {
 	if(typeof process.env[el] == 'undefined') {
--- a/bin/config.js
+++ b/bin/config.js
@ -34,5 +34,9 @@ module.exports = {
 	mongoose: {
 		uri: process.env.DB_URL,
 		db: process.env.DB_NAME
+	},
+	prometheus: {
+		auth_user: process.env.PROMETHEUS_USER,
+		auth_pass: process.env.PROMETHEUS_PW
 	}
 };
--- a/bin/prometheus/module.js
+++ b/bin/prometheus/module.js
@ -0,0 +1,63 @@
+/*
+ * This file is part of the authRXBN single sign-on package.
+ *
+ * (c) Ruben Meyer <contact@rxbn.de>
+ */
+
+// init
+var methods = {};
+
+let client = require('prom-client');
+client.collectDefaultMetrics(); // collect system info
+
+let register = client.register;
+
+let metrics = {};
+
+var cfg = require(global['__dirname']+'/bin/config');
+
+/**
+ * get a metric
+ * @author Ruben Meyer
+ * @param {String} name metric name
+ * @return {Metric}
+ */
+methods.getMetric = (name) => {
+	return metrics[name];
+}
+
+/**
+ * add a metric
+ * @author Ruben Meyer
+ * @param {String} name metric name
+ * @param {Metric} metric metric object
+ * @param {Boolean} overwrite overwrite parameter to overwrite metric if it already exists
+ * @return {Boolean}
+ */
+methods.addMetric = (name, metric, overwrite = false) => {
+	if(name in metrics && !overwrite)
+		return false;
+
+	metrics[name] = metric;
+	return true;
+};
+
+/**
+ * get the metrics register
+ * @author Ruben Meyer
+ * @return {Object}
+ */
+methods.getRegister = () => {
+	return register;
+};
+
+/**
+ * get the metrics client
+ * @author Ruben Meyer
+ * @return {Object}
+ */
+methods.getClient = () => {
+	return client;
+};
+
+module.exports = methods;
--- a/bin/web/routes/api/prometheus.js
+++ b/bin/web/routes/api/prometheus.js
@ -0,0 +1,44 @@
+let promClient = global['requireModule']('prometheus');
+let cfg = require(global['__dirname']+'/bin/config');
+let crypto = require('crypto');
+
+module.exports = {
+	path: "/prometheus",
+	/**
+	 * let prometheus query metrics
+	 * @url /api/prometheus
+	 * @method GET
+	 */
+	get: async (req, res) => {
+		// base64 encoded header
+		let b64auth = (req.headers.authorization || '').split(' ')[1] || '';
+		let [user, password] = Buffer.from(b64auth, 'base64').toString().split(':');
+
+		// if request can be authenticated
+		if(
+			user
+			&& password
+			&& user.length == cfg.prometheus.auth_user.length
+			&& password.length == cfg.prometheus.auth_pass.length
+			&& crypto.timingSafeEqual(
+				Buffer.from(password, 'hex'),
+				Buffer.from(cfg.prometheus.auth_pass, 'hex')
+			)
+			&& crypto.timingSafeEqual(
+				Buffer.from(user, 'hex'),
+				Buffer.from(cfg.prometheus.auth_user, 'hex')
+			)
+		) {
+			res.set('Content-Type', promClient.getRegister().contentType);
+			return res.end(await promClient.getRegister().metrics());
+
+		// user is not logged in
+		} else {
+			res.set('WWW-Authenticate', 'Basic realm="401"') // change this
+			return res.type('json').end(JSON.stringify({
+				status: 401,
+				message: 'msg.auth.login.required'
+			}));
+		}
+	}
+};
--- a/package.json
+++ b/package.json
@ -14,6 +14,7 @@
    "express-session": "^1.17.1",
    "mongo-sanitize": "^1.1.0",
    "mongoose": "^5.9.28",
+    "prom-client": "^12.0.0",
    "pug": "^3.0.0"
  }
 }