rxbn_/auth.rxbn.de
1
0
Fork 0
Code Releases Activity

web,prometheus - initial support

Browse Source
This commit is contained in:
Ruben Meyer 2020-09-26 22:23:52 +02:00
parent e2de57ea0a
commit b3d0896f51
Signed by: rxbn_
GPG Key ID: BE3BF898BE352FE2
6 changed files with 115 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -5,9 +5,9 @@ Single sign-on authentication and authorization service for rxbn.de services
# start server # start server
## regular ## regular
```sh ```sh
$ DB_URL="mongodb://user:pass@ip:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" node app.js $ DB_URL="mongodb://user:pass@ip:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" PROMETHEUS_USER="authUsername" PROMETHEUS_PW="authPassword" node app.js
``` ```
## debug ## debug
```sh ```sh
$ DB_URL="mongodb://user:pass@ip:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" NODE_ENV=debug node app.js $ DB_URL="mongodb://user:pass@ip:port/authdb" DB_NAME="authRxbn" SESSION_KEY="32byteHexString" COOKIE_KEY="32byteHexString" PROMETHEUS_USER="authUsername" PROMETHEUS_PW="authPassword" NODE_ENV=debug node app.js
``` ```

2
app.js
View File

@ -16,7 +16,7 @@ let load = global['requireModule'] = (name) => {
}; };
// environment variable check // environment variable check
let env_vars = ["DB_URL", "DB_NAME", "SESSION_KEY", "COOKIE_KEY"]; let env_vars = ["DB_URL", "DB_NAME", "SESSION_KEY", "COOKIE_KEY", "PROMETHEUS_USER", "PROMETHEUS_PW"];
let env_missing = false; let env_missing = false;
env_vars.forEach((el) => { env_vars.forEach((el) => {
if(typeof process.env[el] == 'undefined') { if(typeof process.env[el] == 'undefined') {

4
bin/config.js
View File

@ -34,5 +34,9 @@ module.exports = {
mongoose: { mongoose: {
uri: process.env.DB_URL, uri: process.env.DB_URL,
db: process.env.DB_NAME db: process.env.DB_NAME
},
prometheus: {
auth_user: process.env.PROMETHEUS_USER,
auth_pass: process.env.PROMETHEUS_PW
} }
}; };

63
bin/prometheus/module.js Normal file
View File

@ -0,0 +1,63 @@
/*
* This file is part of the authRXBN single sign-on package.
*
* (c) Ruben Meyer <contact@rxbn.de>
*/
// init
var methods = {};
let client = require('prom-client');
client.collectDefaultMetrics(); // collect system info
let register = client.register;
let metrics = {};
var cfg = require(global['__dirname']+'/bin/config');
/**
* get a metric
* @author Ruben Meyer
* @param {String} name metric name
* @return {Metric}
*/
methods.getMetric = (name) => {
return metrics[name];
}
/**
* add a metric
* @author Ruben Meyer
* @param {String} name metric name
* @param {Metric} metric metric object
* @param {Boolean} overwrite overwrite parameter to overwrite metric if it already exists
* @return {Boolean}
*/
methods.addMetric = (name, metric, overwrite = false) => {
if(name in metrics && !overwrite)
return false;
metrics[name] = metric;
return true;
};
/**
* get the metrics register
* @author Ruben Meyer
* @return {Object}
*/
methods.getRegister = () => {
return register;
};
/**
* get the metrics client
* @author Ruben Meyer
* @return {Object}
*/
methods.getClient = () => {
return client;
};
module.exports = methods;

44
bin/web/routes/api/prometheus.js Normal file
View File

@ -0,0 +1,44 @@
let promClient = global['requireModule']('prometheus');
let cfg = require(global['__dirname']+'/bin/config');
let crypto = require('crypto');
module.exports = {
path: "/prometheus",
/**
* let prometheus query metrics
* @url /api/prometheus
* @method GET
*/
get: async (req, res) => {
// base64 encoded header
let b64auth = (req.headers.authorization || '').split(' ')[1] || '';
let [user, password] = Buffer.from(b64auth, 'base64').toString().split(':');
// if request can be authenticated
if(
user
&& password
&& user.length == cfg.prometheus.auth_user.length
&& password.length == cfg.prometheus.auth_pass.length
&& crypto.timingSafeEqual(
Buffer.from(password, 'hex'),
Buffer.from(cfg.prometheus.auth_pass, 'hex')
)
&& crypto.timingSafeEqual(
Buffer.from(user, 'hex'),
Buffer.from(cfg.prometheus.auth_user, 'hex')
)
) {
res.set('Content-Type', promClient.getRegister().contentType);
return res.end(await promClient.getRegister().metrics());
// user is not logged in
} else {
res.set('WWW-Authenticate', 'Basic realm="401"') // change this
return res.type('json').end(JSON.stringify({
status: 401,
message: 'msg.auth.login.required'
}));
}
}
};

1
package.json
View File

@ -14,6 +14,7 @@
"express-session": "^1.17.1", "express-session": "^1.17.1",
"mongo-sanitize": "^1.1.0", "mongo-sanitize": "^1.1.0",
"mongoose": "^5.9.28", "mongoose": "^5.9.28",
"prom-client": "^12.0.0",
"pug": "^3.0.0" "pug": "^3.0.0"
} }
} }