Merge pull request #33 from zohmi/toggle-token-validation
Add possibility to disable token validation
DavidLambauer authored Jun 23, 2023
2 parents 8833d6b + 163061f commit 21a542b
Showing 3 changed files with 28 additions and 10 deletions.
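--- a/src/Controller/Index/Index.php
+++ b/src/Controller/Index/Index.php
@@ -31,16 +31,18 @@ public function __construct(
 
 public function execute(): ResultInterface
 {
-$token = sprintf('Bearer %s', $this->config->getToken());
-$authorizationHeader = $this->getRequest()->getHeader('Authorization');
-
-if ($token !== $authorizationHeader) {
-/** @var \Magento\Framework\Controller\Result\Raw $result */
-$result = $this->resultFactory->create(ResultFactory::TYPE_RAW);
-$result->setHttpResponseCode(Http::STATUS_CODE_401);
-$result->setContents('You are not allowed to see these metrics.');
-
-return $result;
+if ($this->config->getTokenValidationEnabled()) {
+$token = sprintf('Bearer %s', $this->config->getToken());
+$authorizationHeader = $this->getRequest()->getHeader('Authorization');
+
+if ($token !== $authorizationHeader) {
+/** @var \Magento\Framework\Controller\Result\Raw $result */
+$result = $this->resultFactory->create(ResultFactory::TYPE_RAW);
+$result->setHttpResponseCode(Http::STATUS_CODE_401);
+$result->setContents('You are not allowed to see these metrics.');
+
+return $result;
+}
 }
 
 return $this->prometheusResultFactory->create();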
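Review bot: The comparison `$token !== $authorizationHeader` inside the new `if ($this->config->getTokenValidationEnabled())` branch is not constant-time, and when no token is configured `getToken()` falls back to `''`, so the expected value is just the fixed prefix `Bearer ` rather than a secret. I would fail closed on an empty token and compare with `hash_equals`, e.g. `$configured = $this->config->getToken();` followed by `if ($configured === '' || !hash_equals('Bearer ' . $configured, (string) $this->getRequest()->getHeader('Authorization'))) {`. The string cast is there because `getHeader()` appears to return a non-string default when the header is absent, which `hash_equals` would reject; that is worth confirming against the request class. The closing brace of `execute()` lies outside the hunk.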
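--- a/src/Data/Config.php
+++ b/src/Data/Config.php
@@ -12,6 +12,7 @@ class Config
 {
 private const CONFIG_PATH_METRICS_ENABLED = 'metric_configuration/metric/metric_status';
 private const CONFIG_PATH_AUTH_TOKEN = 'metric_configuration/security/token';
+private const CONFIG_PATH_TOKEN_VALIDATION_ENABLED = 'metric_configuration/security/enable_token';
 
 private $config;
 private $metricsSource;
@@ -38,6 +39,11 @@ public function getDefaultMetrics(): array
 return array_column($this->metricsSource->toOptionArray(), 'value');
 }
 
+public function getTokenValidationEnabled(?string $scopeCode = null): bool
+{
+return $this->config->isSetFlag(self::CONFIG_PATH_TOKEN_VALIDATION_ENABLED, ScopeInterface::SCOPE_STORE, $scopeCode);
+}
+
 public function getToken(?string $scopeCode = null): string
 {
 return $this->config->getValue(self::CONFIG_PATH_AUTH_TOKEN, ScopeInterface::SCOPE_STORE, $scopeCode) ?? '';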
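Review bot: `getTokenValidationEnabled()` fails open when nothing is stored for `metric_configuration/security/enable_token`, because `isSetFlag` yields false for a missing value and no `config.xml` is among the three changed files. Unless a default exists elsewhere, an upgraded installation that relied on the token would stop enforcing it until an admin sets the field to Yes. I would ship a default of `1` for that path in the module's `etc/config.xml`, or invert the flag so that the unset state keeps validation on. The new getter also has no docblock; something like `/** Whether the metrics endpoint must check the Bearer token; false serves the metrics without authentication. */` would make the security meaning explicit. Both hunks cut through the `Config` class, whose remaining members are outside the view.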
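--- a/src/etc/adminhtml/system.xml
+++ b/src/etc/adminhtml/system.xml
@@ -25,15 +25,25 @@
 <label>Security Settings for the Prometheus Scrape Config</label>
 <comment>This section contains security related configurations. We recommend using the Bearer Token in your Prometheus Scrape Config.</comment>
 
+<field id="enable_token" showInWebsite="1" showInStore="1" showInDefault="1" type="select">
+<label>Enable token authorization</label>
+<source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
+</field>
 <field id="token" showInWebsite="1" showInStore="1" showInDefault="1" type="text">
 <label>Token</label>
 <frontend_model>RunAsRoot\PrometheusExporter\Block\Adminhtml\System\Config\DisabledText</frontend_model>
+<depends>
+<field id="metric_configuration/security/enable_token">1</field>
+</depends>
 </field>
 
 <field id="generate_auth_token" translate="button_label" sortOrder="20" showInDefault="1" showInWebsite="1" showInStore="1">
 <button_label>Generate</button_label>
 <comment>Click 'Generate' to generate a random auth token, that you can use for your scrape config.</comment>
 <frontend_model>RunAsRoot\PrometheusExporter\Block\Adminhtml\System\Config\TokenGenerator</frontend_model>
+<depends>
+<field id="metric_configuration/security/enable_token">1</field>
+</depends>
 </field>
 </group>
 </section>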
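Review bot: The new `enable_token` field carries no `<comment>`, so an admin who selects "No" gets no hint that the metrics endpoint is then served without any authentication. I would add `<comment>When set to No, the metrics endpoint is served without a token check; restrict access at the web server or network level instead.</comment>` under its `<label>`. The field also has no `sortOrder` while `generate_auth_token` uses `sortOrder="20"`, so its position relative to the fields it controls may depend on declaration order; an explicit `sortOrder` would pin it ahead of them.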
