# frozen_string_literal: true
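# Controller concern that restricts monitoring endpoints to trusted clients.
#
# Including it registers a before_action that lets a request through only when
# the client IP is covered by Settings.monitoring.ip_whitelist or the request
# carries the health check access token. Every other request is answered with
# the "errors/not_found" page and a 404 status.
module RequiresWhitelistedMonitoringClient
  extend ActiveSupport::Concern

  included do
    before_action :validate_ip_whitelisted_or_valid_token!
  end

  private

  # before_action filter: the request passes when EITHER check succeeds, so
  # the token is a full alternative to the IP allowlist, not a second factor.
  def validate_ip_whitelisted_or_valid_token!
    return if client_ip_whitelisted? || valid_token?

    render_404
  end

  # @return [Boolean] true when the client IP falls inside a configured entry
  def client_ip_whitelisted?
    # Always allow developers to access http://localhost:3000/-/metrics for
    # debugging purposes. Both conditions must hold, so this shortcut does not
    # apply outside the development environment.
    return true if Rails.env.development? && request.local?

    # The address comes from Gitlab::RequestContext, not from request.remote_ip.
    # NOTE(review): how that value is derived (e.g. trusted proxy handling) is
    # not visible here; the allowlist is only as reliable as that source.
    client_ip = Gitlab::RequestContext.instance.client_ip

    ip_whitelist.any? { |range| range.include?(client_ip) }
  end

  # Configured allowlist entries parsed into IPAddr objects and memoised in an
  # instance variable, so the settings are parsed once per including object.
  #
  # @return [Array<IPAddr>]
  def ip_whitelist
    @ip_whitelist ||= Settings.monitoring.ip_whitelist.map { |entry| IPAddr.new(entry) }
  end

  # Checks the token supplied as the `token` request parameter or, when that is
  # blank, the `TOKEN` request header against the health check access token.
  #
  # NOTE(review): a token sent as a URL parameter may be recorded in web server
  # or proxy logs; clients should prefer the header where they can.
  #
  # @return [Boolean]
  def valid_token?
    token = params[:token].presence || request.headers['TOKEN']

    # A structured parameter (e.g. `token[]=x`) arrives as a non-String value.
    # Reject it here so it is treated as an invalid token instead of being
    # passed to secure_compare, which expects two strings.
    return false unless token.is_a?(String) && token.present?

    expected = Gitlab::CurrentSettings.health_check_access_token

    # Never authenticate against a missing token; secure_compare keeps the
    # comparison itself constant-time.
    expected.is_a?(String) &&
      ActiveSupport::SecurityUtils.secure_compare(token, expected)
  end

  # Renders the generic "not found" error page with HTTP status 404.
  def render_404
    render "errors/not_found", layout: "errors", status: :not_found
  end
end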