search

jochen-schweizer / express-prom-bundle

express middleware with standard prometheus metrics in one bundle
MIT License
303 stars 67 forks source link

Authenticate metrics endpoint #61

Closed cxn-pszakacs closed 4 years ago

cxn-pszakacs commented 4 years ago

I want some basic authorization on the /metrics endpoint so that not everyone can get the data from my application. Is there a way I can add an authentication callback function as option with the request as a parameter?

Thanks for your help.

mohsinamjad commented 4 years ago

+1

mohsinamjad commented 4 years ago

@cxn-pszakacs i was able to tackle this using const basicAuth = require('express-basic-auth') app.use('/metrics', basicAuth({ authorizer: (username, password) => { const userMatches = promuser && basicAuth.safeCompare(username, promuser) const passwordMatches = prompassword && basicAuth.safeCompare(password, prompassword) return userMatches & passwordMatches } })) here promuser and prompassword are credentials and requests having basic auth with this credentials will have access to metrics path

disjunction commented 4 years ago

correct. Auth should not be the concern of this library.