Welcome to mirror list, hosted at ThFree Co, Russian Federation.

requires_allowlisted_monitoring_client.rb « concerns « controllers « app - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/concerns/requires_allowlisted_monitoring_client.rb
blob: ad6d4dc548cbb86f3682aef5df802d76cd19ab3a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

# frozen_string_literal: true

module RequiresAllowlistedMonitoringClient
  extend ActiveSupport::Concern

  included do
    before_action :validate_ip_allowlisted_or_valid_token!
  end

  private

  def validate_ip_allowlisted_or_valid_token!
    render_404 unless client_ip_allowlisted? || valid_token?
  end

  def client_ip_allowlisted?
    # Always allow developers to access http://localhost:3000/-/metrics for
    # debugging purposes
    return true if Rails.env.development? && request.local?

    ip_allowlist.any? { |e| e.include?(Gitlab::RequestContext.instance.client_ip) }
  end

  def ip_allowlist
    @ip_allowlist ||= Settings.monitoring.ip_whitelist.map { |ip| IPAddr.new(ip) }
  end

  def valid_token?
    token = params[:token].presence || request.headers['TOKEN']
    token.present? &&
      ActiveSupport::SecurityUtils.secure_compare(
        token,
        Gitlab::CurrentSettings.health_check_access_token
      )
  end

  def render_404
    render "errors/not_found", layout: "errors", status: :not_found
  end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 07:25:42 +0300