auth.rxbn.de/bin/web/routes/api/prometheus.js

let promClient = global['requireModule']('prometheus');
let cfg = require(global['__dirname']+'/bin/config');
let crypto = require('crypto');

module.exports = {
	path: "/prometheus",
	/**
	 * let prometheus query metrics
	 * @url /api/prometheus
	 * @method GET
	 */
	get: async (req, res) => {
		// base64 encoded header
		let b64auth = (req.headers.authorization || '').split(' ')[1] || '';
		let [user, password] = Buffer.from(b64auth, 'base64').toString().split(':');

		// if request can be authenticated
		if(
			user
			&& password
			&& user.length == cfg.prometheus.auth_user.length
			&& password.length == cfg.prometheus.auth_pass.length
			&& crypto.timingSafeEqual(
				Buffer.from(password, 'hex'),
				Buffer.from(cfg.prometheus.auth_pass, 'hex')
			)
			&& crypto.timingSafeEqual(
				Buffer.from(user, 'hex'),
				Buffer.from(cfg.prometheus.auth_user, 'hex')
			)
		) {
			res.set('Content-Type', promClient.getRegister().contentType);
			return res.end(await promClient.getRegister().metrics());

		// user is not logged in
		} else {
			res.set('WWW-Authenticate', 'Basic realm="401"') // change this
			return res.type('json').end(JSON.stringify({
				status: 401,
				message: 'msg.auth.login.required'
			}));
		}
	}
};