Support Authentication for /stats and /metrics
sv2 opened this issue · 1 comments
sv2 commented
Provide option to enable authentication for statistics API (/swagger-stats/stats) and metrics API (/swagger-stats/metrics)
sv2 commented
swagger-stats now supports Basic Authentication for /stats and /metrics endpoints.
Example how to enable Basic Authentication:
var maxAge = 900; // basic auth session expiration in seconds
// Use swagger-stats middleware with authentication enabled
app.use(swStats.getMiddleware({
name: 'swagger-stats-authtest',
version: '0.94.0',
hostname: "hostname",
ip: "127.0.0.1",
swaggerSpec:swaggerSpec,
uriPath: '/swagger-stats',
durationBuckets: [10, 25, 50, 100, 200],
requestSizeBuckets: [10, 25, 50, 100, 200],
responseSizeBuckets: [10, 25, 50, 100, 200],
apdexThreshold: 100,
onResponseFinish: function(req,res,rrr){
debug('onResponseFinish: %s', JSON.stringify(rrr));
},
authentication: true,
sessionMaxAge: maxAge,
onAuthenticate: function(req,username,password){
// simple check for username and password
return((username==='swagger-stats') && (password==='swagger-stats') );
}
}));
See examples/authtest for full example
For /stats endpoint, swagger-stats supports session and will set up cookie 'sws-session-id'. Application can control session expiration using sessionMaxAge
parameter ( value in seconds )
For /metrics endpoint sessions are not used as Prometheus will send username and password in every scrape rewquest