path: root/packages/api/middlewares/prometheusAuth.ts
import { createHash, timingSafeEqual } from "node:crypto";

import { createMiddleware } from "hono/factory";
import { HTTPException } from "hono/http-exception";

import serverConfig from "@karakeep/shared/config";

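/**
 * Compares two secrets without short-circuiting on the first differing
 * character.
 *
 * Both values are hashed with SHA-256 first so the buffers passed to
 * `timingSafeEqual` always have the same length (it throws on a length
 * mismatch) and the comparison itself runs over fixed-size input.
 */
function tokensMatch(presented: string, expected: string): boolean {
  const presentedDigest = createHash("sha256").update(presented).digest();
  const expectedDigest = createHash("sha256").update(expected).digest();
  return timingSafeEqual(presentedDigest, expectedDigest);
}

/**
 * Hono middleware that gates a route behind the configured Prometheus
 * metrics bearer token (`serverConfig.prometheus.metricsToken`).
 *
 * Behaviour:
 * - no token configured: responds 404, so metrics are never served
 *   unauthenticated by default;
 * - missing `Authorization` header, or one that does not start with
 *   `"Bearer "`: responds 401;
 * - token does not match the configured one: responds 401;
 * - otherwise hands the request to the next handler.
 *
 * @throws HTTPException with status 404 or 401 as described above.
 */
export const prometheusAuthMiddleware = createMiddleware(async (c, next) => {
  const { metricsToken } = serverConfig.prometheus;

  // Fail closed: without a configured token the route is treated as absent.
  if (!metricsToken) {
    throw new HTTPException(404, {
      message: "Not Found",
    });
  }

  const bearerPrefix = "Bearer ";
  const auth = c.req.header("Authorization");

  if (!auth || !auth.startsWith(bearerPrefix)) {
    throw new HTTPException(401, {
      message: "Unauthorized",
    });
  }

  const token = auth.slice(bearerPrefix.length);

  // A plain `!==` on strings can return as soon as one character differs,
  // which exposes how much of a guessed token was correct through response
  // timing. Compare in constant time instead.
  if (!tokensMatch(token, metricsToken)) {
    throw new HTTPException(401, {
      message: "Unauthorized",
    });
  }

  await next();
});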