# frozen_string_literal: true
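# Controller concern that restricts an endpoint to monitoring clients.
#
# A request passes when its client IP falls inside one of the configured
# monitoring allowlist entries, or when it presents the health-check access
# token. Every other request is answered with the generic 404 page, so the
# response does not reveal that a protected endpoint exists.
module RequiresAllowlistedMonitoringClient
  extend ActiveSupport::Concern

  included do
    before_action :validate_ip_allowlisted_or_valid_token!
  end

  private

  # Fails closed: unless one of the two checks succeeds the 404 is rendered
  # from the before_action, which stops the action from running.
  def validate_ip_allowlisted_or_valid_token!
    render_404 unless client_ip_allowlisted? || valid_token?
  end

  # @return [Boolean] whether the request's client IP is covered by an
  #   allowlist entry (or the request is a local one in development)
  #
  # NOTE(review): the address is taken from Gitlab::RequestContext; whether it
  # is the real peer or a value derived from forwarded headers depends on the
  # proxy configuration, which is not visible here. Confirm the trusted-proxy
  # setup before relying on this check.
  def client_ip_allowlisted?
    # Always allow developers to access http://localhost:3000/-/metrics for
    # debugging purposes
    return true if Rails.env.development? && request.local?

    ip_allowlist.any? { |range| range.include?(Gitlab::RequestContext.instance.client_ip) }
  end

  # Allowlist entries from the monitoring settings, parsed into IPAddr objects
  # (single addresses or CIDR ranges) and memoised on the controller instance.
  # IPAddr.new raises on a malformed entry and nothing here rescues it, so a
  # bad setting surfaces as an error instead of being skipped.
  def ip_allowlist
    @ip_allowlist ||= Settings.monitoring.ip_whitelist.map { |ip| IPAddr.new(ip) }
  end

  # Compares the presented token with the configured health-check token in
  # constant time.
  #
  # The token is read from the `token` request parameter first and from the
  # `TOKEN` header otherwise. Request parameters are attacker-controlled and
  # can arrive as an Array or a nested structure (`token[]=...`); such values
  # are rejected here rather than handed to secure_compare, which expects
  # Strings and would raise, turning an unauthenticated probe into a 500
  # instead of the intended 404. A missing configured token is treated the
  # same way: no token can match it.
  #
  # NOTE(review): a token sent as a URL parameter tends to end up in access
  # logs and proxy logs; the header form avoids that.
  #
  # @return [Boolean]
  def valid_token?
    token = params[:token].presence || request.headers['TOKEN']
    expected = Gitlab::CurrentSettings.health_check_access_token

    return false unless token.is_a?(String) && token.present?
    return false unless expected.is_a?(String) && expected.present?

    ActiveSupport::SecurityUtils.secure_compare(token, expected)
  end

  # Renders the standard "not found" error page with a 404 status.
  def render_404
    render "errors/not_found", layout: "errors", status: :not_found
  end
end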