feat: Add prometheus monitoring. Fixes #758

author: Mohamed Bassem <me@mbassem.com> 2025-07-06 18:07:56 +0000
committer: Mohamed Bassem <me@mbassem.com> 2025-07-06 18:09:05 +0000
commit: b60ece578304df21602d39c7022a7a4dbc6437e0 (patch)
tree: a5e3395b0b3b5c9bb01566bf68aa21334fd13784 /packages/api/middlewares
parent: cfa0385b4dcd37f9cc29a15f94a59a4f48dd05fb (diff)
download: karakeep-b60ece578304df21602d39c7022a7a4dbc6437e0.tar.zst
1 files changed, 33 insertions, 0 deletions
diff --git a/packages/api/middlewares/prometheusAuth.ts b/packages/api/middlewares/prometheusAuth.ts
new file mode 100644
index 00000000..bf35608f
--- /dev/null
+++ b/packages/api/middlewares/prometheusAuth.ts
@@ -0,0 +1,33 @@
+import { createMiddleware } from "hono/factory";
+import { HTTPException } from "hono/http-exception";
+
+import serverConfig from "@karakeep/shared/config";
+
+export const prometheusAuthMiddleware = createMiddleware(async (c, next) => {
+  const { metricsToken } = serverConfig.prometheus;
+
+  // If no token is configured, deny access (safe default)
+  if (!metricsToken) {
+    throw new HTTPException(404, {
+      message: "Not Found",
+    });
+  }
+
+  const auth = c.req.header("Authorization");
+
+  if (!auth || !auth.startsWith("Bearer ")) {
+    throw new HTTPException(401, {
+      message: "Unauthorized",
+    });
+  }
+
+  const token = auth.slice(7); // Remove "Bearer " prefix
+
+  if (token !== metricsToken) {
+    throw new HTTPException(401, {
+      message: "Unauthorized",
+    });
+  }
+
+  await next();
+});
author	Mohamed Bassem <me@mbassem.com>	2025-07-06 18:07:56 +0000
committer	Mohamed Bassem <me@mbassem.com>	2025-07-06 18:09:05 +0000
commit	b60ece578304df21602d39c7022a7a4dbc6437e0 (patch)
tree	a5e3395b0b3b5c9bb01566bf68aa21334fd13784 /packages/api/middlewares
parent	cfa0385b4dcd37f9cc29a15f94a59a4f48dd05fb (diff)
download	karakeep-b60ece578304df21602d39c7022a7a4dbc6437e0.tar.zst