
Password protect the profiling endpoints.

commit b79f8f88f20c8500441ad7503a8856f7bc79d604 1 parent f17e343
Conrad Irwin ConradIrwin authored committed
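--- a/lib/rack/perftools_profiler/action.rb
+++ b/lib/rack/perftools_profiler/action.rb
@@ -17,18 +17,22 @@ def act
 def self.for_env(env, profiler, middleware)
 request = Rack::Request.new(env)
 klass =
- case request.path_info
- when %r{/__start__$}
- StartProfiling
- when %r{/__stop__$}
- StopProfiling
- when %r{/__data__$}
- ReturnData
+ if ENV["PROFILE_PASSWORD"] && request.GET['profile'] != ENV["PROFILE_PASSWORD"]
+ CallAppDirectly
 else
- if ProfileOnce.has_special_param?(request)
- ProfileOnce
+ case request.path_info
+ when %r{/__start__$}
+ StartProfiling
+ when %r{/__stop__$}
+ StopProfiling
+ when %r{/__data__$}
+ ReturnData
 else
- CallAppDirectly
+ if ProfileOnce.has_special_param?(request)
+ ProfileOnce
+ else
+ CallAppDirectly
+ end
 end
 end
 klass.new(env, profiler, middleware)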
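Review bot: The added guard `if ENV["PROFILE_PASSWORD"] && request.GET['profile'] != ENV["PROFILE_PASSWORD"]` fails open: with the variable unset, `__start__`, `__stop__` and `__data__` are still served to any caller, and a value of `""` is matched by a bare `?profile=`. If that default is intended for development, it should be stated next to the check, e.g. `# PROFILE_PASSWORD unset => profiling endpoints are unauthenticated; set it in any shared or production environment`. The comparison uses `!=`, which is not constant-time; `Rack::Utils.secure_compare(ENV["PROFILE_PASSWORD"], request.GET['profile'].to_s)` avoids that where the bundled Rack provides it. Because the secret travels in the query string it will also land in access logs and Referer headers, so it should be treated as a low-value token and rotated accordingly. The closing `end` of `for_env` lies outside the hunk.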
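--- a/test/single_request_profiling_test.rb
+++ b/test/single_request_profiling_test.rb
@@ -324,4 +324,25 @@ def setup
 end
+ context "when a profile password is required" do
+ should "not profile unless the parameter matches" do
+ ENV["PROFILE_PASSWORD"] = 'secret_password'
+ app = @app.clone
+ env = Rack::MockRequest.env_for('/', :params => {'profile' => 'true'})
+ status, headers, body = Rack::PerftoolsProfiler.new(app, :default_printer => 'pdf').call(env)
+ assert_equal 200, status
+ assert_equal 'text/plain', headers['Content-Type']
+ assert_equal 'Oh hai der', RackResponseBody.new(body).to_s
+ ENV.delete 'PROFILE_PASSWORD'
+ end
+
+ should "profile if the parameter matches" do
+ ENV["PROFILE_PASSWORD"] = 'secret_password'
+ env = Rack::MockRequest.env_for('/', :params => 'profile=secret_password&printer=gif')
+ _, headers, _ = Rack::PerftoolsProfiler.new(@app, :default_printer => 'pdf').call(env)
+ assert_equal 'image/gif', headers['Content-Type']
+ ENV.delete 'PROFILE_PASSWORD'
+ end
+ end
+
 end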
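Review bot: Both added tests set `ENV["PROFILE_PASSWORD"]` and delete it only on their last line, so a failing assertion leaves the variable set and every later test in the process runs behind the password gate. Moving the assignment into the context's `setup` and the cleanup into `teardown { ENV.delete 'PROFILE_PASSWORD' }` keeps that state from leaking. The context also exercises only the single-request path; nothing here asserts that `/__start__`, `/__stop__` or `/__data__` fall through to the app when the parameter is missing or wrong, which is the behaviour the commit title promises.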