gitlab-org--gitlab-foss/app/controllers/concerns/requires_whitelisted_monito...

module RequiresWhitelistedMonitoringClient
  extend ActiveSupport::Concern
  included do
    before_action :validate_ip_whitelisted_or_valid_token!
  end

  private

  def validate_ip_whitelisted_or_valid_token!
    render_404 unless client_ip_whitelisted? || valid_token?
  end

  def client_ip_whitelisted?
    ip_whitelist.any? { |e| e.include?(Gitlab::RequestContext.client_ip) }
  end

  def ip_whitelist
    @ip_whitelist ||= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new))
  end

  def valid_token?
    token = params[:token].presence || request.headers['TOKEN']
    token.present? &&
      ActiveSupport::SecurityUtils.variable_size_secure_compare(
        token,
        current_application_settings.health_check_access_token
      )
  end

  def render_404
    render file: Rails.root.join('public', '404'), layout: false, status: '404'
  end
end
Remove the need to use health check token in favor of whitelist that will be used to control the access to monitoring resources 2017-07-03 15:09:34 +00:00			`module RequiresWhitelistedMonitoringClient`
			`extend ActiveSupport::Concern`
			`included do`
Add tests for token auth. 2017-07-06 11:36:16 +00:00			`before_action :validate_ip_whitelisted_or_valid_token!`
Remove the need to use health check token in favor of whitelist that will be used to control the access to monitoring resources 2017-07-03 15:09:34 +00:00			`end`

			`private`

Add tests for token auth. 2017-07-06 11:36:16 +00:00			`def validate_ip_whitelisted_or_valid_token!`
			`render_404 unless client_ip_whitelisted? \|\| valid_token?`
Remove the need to use health check token in favor of whitelist that will be used to control the access to monitoring resources 2017-07-03 15:09:34 +00:00			`end`

			`def client_ip_whitelisted?`
Finish refactring processed configuraiton, and add test validating ip range matching 2017-07-04 21:50:18 +00:00			`ip_whitelist.any? { \|e\| e.include?(Gitlab::RequestContext.client_ip) }`
Bring back healthcheck token access to monitoring resources, but mark this as deprecated 2017-07-03 20:41:33 +00:00			`end`
correctly handle transforming settings into useful datastructure 2017-07-03 22:46:44 +00:00
			`def ip_whitelist`
			`@ip_whitelist \|\|= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new))`
			`end`

Add tests for token auth. 2017-07-06 11:36:16 +00:00			`def valid_token?`
Bring back healthcheck token access to monitoring resources, but mark this as deprecated 2017-07-03 20:41:33 +00:00			`token = params[:token].presence \|\| request.headers['TOKEN']`
			`token.present? &&`
			`ActiveSupport::SecurityUtils.variable_size_secure_compare(`
			`token,`
			`current_application_settings.health_check_access_token`
			`)`
Remove the need to use health check token in favor of whitelist that will be used to control the access to monitoring resources 2017-07-03 15:09:34 +00:00			`end`

			`def render_404`
			`render file: Rails.root.join('public', '404'), layout: false, status: '404'`
			`end`
			`end`