slanatech/swagger-stats

Support Authentication for /stats and /metrics

sv2 opened this issue · 1 comments

sv2 commented

Provide an option to enable authentication for the statistics API (/swagger-stats/stats) and the metrics API (/swagger-stats/metrics).

sv2 commented

swagger-stats now supports Basic Authentication for /stats and /metrics endpoints.

Example of how to enable Basic Authentication:

var express = require('express');
var swStats = require('swagger-stats');
var debug = require('debug')('sws:authtest'); // debug namespace is arbitrary

var app = express();
// swaggerSpec: the application's own Swagger specification object, loaded elsewhere

var maxAge = 900; // basic auth session expiration in seconds

// Use swagger-stats middleware with authentication enabled
app.use(swStats.getMiddleware({
    name: 'swagger-stats-authtest',
    version: '0.94.0',
    hostname: "hostname",
    ip: "127.0.0.1",
    swaggerSpec: swaggerSpec,
    uriPath: '/swagger-stats',
    durationBuckets: [10, 25, 50, 100, 200],
    requestSizeBuckets: [10, 25, 50, 100, 200],
    responseSizeBuckets: [10, 25, 50, 100, 200],
    apdexThreshold: 100,
    onResponseFinish: function(req, res, rrr) {
        debug('onResponseFinish: %s', JSON.stringify(rrr));
    },
    authentication: true,      // require Basic Authentication for /stats and /metrics
    sessionMaxAge: maxAge,     // lifetime of the /stats session, in seconds
    onAuthenticate: function(req, username, password) {
        // simple check for username and password
        return ((username === 'swagger-stats') && (password === 'swagger-stats'));
    }
}));

See examples/authtest for the full example.

For the /stats endpoint, swagger-stats supports sessions and will set the cookie 'sws-session-id'. The application can control session expiration using the sessionMaxAge parameter (value in seconds).

For the /metrics endpoint, sessions are not used, as Prometheus will send the username and password in every scrape request.
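The following is an added example, not part of the issue comments or the swagger-stats code base: one way to write the `onAuthenticate` callback so that credentials come from configuration rather than the source file and are compared in constant time. The helper names `constantTimeEqual` and `makeOnAuthenticate`, the environment variable names in the comment, and the sample credentials are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Hash both values first so timingSafeEqual always receives buffers of
// equal length; it throws on a length mismatch, which would leak length.
function constantTimeEqual(a, b) {
    const ha = crypto.createHash('sha256').update(a, 'utf8').digest();
    const hb = crypto.createHash('sha256').update(b, 'utf8').digest();
    return crypto.timingSafeEqual(ha, hb);
}

// Builds a callback with the (req, username, password) => boolean shape
// shown in the issue. Fails closed: missing configuration is an error at
// start-up instead of an endpoint that accepts empty credentials.
function makeOnAuthenticate(expectedUser, expectedPass) {
    if (typeof expectedUser !== 'string' || expectedUser === '' ||
        typeof expectedPass !== 'string' || expectedPass === '') {
        throw new Error('statistics credentials are not configured');
    }
    return function onAuthenticate(req, username, password) {
        if (typeof username !== 'string' || typeof password !== 'string') {
            return false;
        }
        // Evaluate both comparisons before combining them, so a wrong
        // username does not skip the password comparison.
        const userOk = constantTimeEqual(username, expectedUser);
        const passOk = constantTimeEqual(password, expectedPass);
        return userOk && passOk;
    };
}

// Wiring into the options from the issue (variable names are assumptions):
//   authentication: true,
//   sessionMaxAge: 900,
//   onAuthenticate: makeOnAuthenticate(process.env.SWS_USER, process.env.SWS_PASS)

// Constructed sample credentials, for demonstration only.
const sampleAuth = makeOnAuthenticate('metrics-reader', 'constructed-sample-secret');
console.log(sampleAuth({}, 'metrics-reader', 'constructed-sample-secret'));
console.log(sampleAuth({}, 'metrics-reader', 'wrong-password'));
```

Because /metrics carries the username and password on every scrape, the callback runs once per scrape there, so it should stay cheap and free of side effects.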