diff options
Diffstat (limited to 'packages/api/middlewares/prometheusAuth.ts')
| -rw-r--r-- | packages/api/middlewares/prometheusAuth.ts | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/packages/api/middlewares/prometheusAuth.ts b/packages/api/middlewares/prometheusAuth.ts new file mode 100644 index 00000000..bf35608f --- /dev/null +++ b/packages/api/middlewares/prometheusAuth.ts @@ -0,0 +1,33 @@ +import { createMiddleware } from "hono/factory"; +import { HTTPException } from "hono/http-exception"; + +import serverConfig from "@karakeep/shared/config"; + +export const prometheusAuthMiddleware = createMiddleware(async (c, next) => { + const { metricsToken } = serverConfig.prometheus; + + // If no token is configured, deny access (safe default) + if (!metricsToken) { + throw new HTTPException(404, { + message: "Not Found", + }); + } + + const auth = c.req.header("Authorization"); + + if (!auth || !auth.startsWith("Bearer ")) { + throw new HTTPException(401, { + message: "Unauthorized", + }); + } + + const token = auth.slice(7); // Remove "Bearer " prefix + + if (token !== metricsToken) { + throw new HTTPException(401, { + message: "Unauthorized", + }); + } + + await next(); +}); |