Merge pull request #129 from amazeeio/dev

PhiRho · web-flow · commit b59b3c579862 · 2025-09-08T13:10:12.000+02:00
Add Prometheus API key support and enhance metrics authorization handling
diff --git a/app/core/config.py b/app/core/config.py
@@ -33,6 +33,7 @@ class Settings(BaseSettings):
     STRIPE_PUBLISHABLE_KEY: str = os.getenv("STRIPE_PUBLISHABLE_KEY", "pk_test_string")
     WEBHOOK_SIG: str = os.getenv("WEBHOOK_SIG", "whsec_test_1234567890")
     ENABLE_METRICS: bool = os.getenv("ENABLE_METRICS", "false") == "true"
+    PROMETHEUS_API_KEY: str = os.getenv("PROMETHEUS_API_KEY", "")
 
     model_config = ConfigDict(env_file=".env")
     main_route: str = os.getenv("LAGOON_ROUTE", "http://localhost:8800")
diff --git a/app/middleware/auth.py b/app/middleware/auth.py
@@ -1,4 +1,5 @@
 from fastapi import Request
+from fastapi.responses import JSONResponse
 from starlette.middleware.base import BaseHTTPMiddleware
 from app.core.security import get_current_user_from_auth
 from app.db.database import get_db
@@ -13,6 +14,25 @@ async def dispatch(self, request: Request, call_next):
         if request.url.path in settings.PUBLIC_PATHS:
             return await call_next(request)
 
+        # Check Bearer token for /metrics endpoint
+        if request.url.path == "/metrics":
+            auth_header = request.headers.get("authorization")
+            if auth_header and auth_header.startswith("Bearer "):
+                bearer_token = auth_header.split(" ")[1]
+
+                if settings.PROMETHEUS_API_KEY and bearer_token == settings.PROMETHEUS_API_KEY:
+                    return await call_next(request)
+                else:
+                    logger.info("Metrics Bearer token validation failed")
+            else:
+                logger.info("No valid Metrics Bearer token found in authorization header")
+
+            # If no valid Bearer token, return 404
+            return JSONResponse(
+                status_code=404,
+                content={"detail": "Not Found"}
+            )
+
         # Initialize user as None
         request.state.user = None
 
diff --git a/prometheus/prometheus.yml b/prometheus/prometheus.yml
@@ -7,4 +7,7 @@ scrape_configs:
     static_configs:
       - targets: ['backend:8800']
     metrics_path: '/metrics'
-    scheme: 'http'
+    scheme: 'http'
+    authorization:
+      type: 'Bearer'
+      credentials: 'test-key'
