Add prometheus serializer and use it in prometheus output (#6703)

2019-11-26 15:46:31 -08:00
parent 8f71bbaa48
commit 80c5edd48e
20 changed files with 2516 additions and 1144 deletions
--- a/internal/http.go
+++ b/internal/http.go
@@ -2,6 +2,7 @@ package internal

 import (
 	"crypto/subtle"
+	"net"
 	"net/http"
 )

@@ -43,3 +44,49 @@ func (h *basicAuthHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request)

 	h.next.ServeHTTP(rw, req)
 }
+
+// IPRangeHandler returns a http handler that requires the remote address to be
+// in the specified network.
+func IPRangeHandler(network []*net.IPNet, onError ErrorFunc) func(h http.Handler) http.Handler {
+	return func(h http.Handler) http.Handler {
+		return &ipRangeHandler{
+			network: network,
+			onError: onError,
+			next:    h,
+		}
+	}
+}
+
+type ipRangeHandler struct {
+	network []*net.IPNet
+	onError ErrorFunc
+	next    http.Handler
+}
+
+func (h *ipRangeHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
+	if len(h.network) == 0 {
+		h.next.ServeHTTP(rw, req)
+		return
+	}
+
+	remoteIPString, _, err := net.SplitHostPort(req.RemoteAddr)
+	if err != nil {
+		h.onError(rw, http.StatusForbidden)
+		return
+	}
+
+	remoteIP := net.ParseIP(remoteIPString)
+	if remoteIP == nil {
+		h.onError(rw, http.StatusForbidden)
+		return
+	}
+
+	for _, net := range h.network {
+		if net.Contains(remoteIP) {
+			h.next.ServeHTTP(rw, req)
+			return
+		}
+	}
+
+	h.onError(rw, http.StatusForbidden)
+}