fix: Metrics should be protected behind authZ

Signed-off-by: Alexei Dodon <[email protected]>
project-zot · Oct 15, 2023 · fc826a5 · fc826a5
1 parent fc2380b
commit fc826a5
Show file tree

Hide file tree

Showing 16 changed files with 8,860 additions and 8,399 deletions.
diff --git a/examples/config-metrics.json b/examples/config-metrics.json
@@ -5,7 +5,12 @@
     },
     "http": {
         "address": "127.0.0.1",
-        "port": "8080"
+        "port": "8080",
+        "auth": {
+            "htpasswd": {
+              "path": "test/data/htpasswd"
+            }
+        }
     },
     "log": {
         "level": "debug"

diff --git a/pkg/api/authn.go b/pkg/api/authn.go
@@ -60,7 +60,7 @@ func AuthHandler(ctlr *Controller) mux.MiddlewareFunc {
 		return bearerAuthHandler(ctlr)
 	}
 
-	return authnMiddleware.TryAuthnHandlers(ctlr)
+	return authnMiddleware.tryAuthnHandlers(ctlr)
 }
 
 func (amw *AuthnMiddleware) sessionAuthn(ctlr *Controller, userAc *reqCtx.UserAccessControl,
@@ -250,7 +250,7 @@ func (amw *AuthnMiddleware) basicAuthn(ctlr *Controller, userAc *reqCtx.UserAcce
 	return false, nil
 }
 
-func (amw *AuthnMiddleware) TryAuthnHandlers(ctlr *Controller) mux.MiddlewareFunc { //nolint: gocyclo
+func (amw *AuthnMiddleware) tryAuthnHandlers(ctlr *Controller) mux.MiddlewareFunc { //nolint: gocyclo
 	// no password based authN, if neither LDAP nor HTTP BASIC is enabled
 	if !ctlr.Config.IsBasicAuthnEnabled() {
 		return noPasswdAuth(ctlr)