Closed RyanBard closed 3 years ago
Here is a PR to add this feature (and update the tests and types):
Let me know if you'd like the feature, but want it a different way (or if I should add something to the PR like bumping the version).
@RyanBard thanks for contributing. I believe it was removed because whitelisting duplicates core express functionality. And i try to keep the library as simple as possible (it already has too many options as to my taste).
You can achieve the same result with the code like this:
app.use(['/metrics', '/foo*'], promBundle())
app.get('/foo/123', handler1) // will be counted by prom bundle
app.get('/bar/567', handler2) // will be ignored by prom bundle
Have you considered this approach?
Good point. I didn't think about handling this in express. Thanks! I'll close this issue and the PR.
Thanks for the extremely useful middlware!
I've run into a potential issue when using it, however.
When turning on the
includePath
option, I don't see a convenient way to allow only the paths I want. This is important to have for security reasons. A malicious caller could flood your endpoint with randomly generated urls that would 404, but also create metrics for each of those paths (which could get really expensive in your cloud provider).I see a way to exclude paths via
excludeRoutes
and that I can specify anything I want withbypass
, however, I don't see something more convenient like awhitelistRoutes
,allowRoutes
,includeRoutes
, oronlyIncludeRoutes
.I see that a
whitelist
andblacklist
used to be in the code, but was replaced with onlyexcludeRoutes
: https://github.com/jochen-schweizer/express-prom-bundle/commit/c6d59647686c4271a2d620925ebb0ea1eb52890fHow to workaround with
bypass
:Better workaround:
Proposed feature: just add this in-between bypass and excludeRoutes: https://github.com/jochen-schweizer/express-prom-bundle/blob/1ec800cde7867ed3e4e7966f6de8fc7251dcf7fd/src/index.js#L175
Thanks again for awesome middleware!