From 0997f6d3eedbf5121bbc0b33da4ea5c7234ca3f6 Mon Sep 17 00:00:00 2001 From: Mariell Hoversholm Date: Fri, 21 Nov 2025 13:02:24 +0100 Subject: [PATCH] feat(auth): emit metrics with token index This is useful to ascertain whether migrating tokens is successful, and whether any clients are still using any old tokens. --- devenv/docker/go-build/docker-compose.yaml | 2 ++ pkg/api/middleware/auth.go | 19 ++++++++++++++----- pkg/metrics/registry.go | 1 + 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/devenv/docker/go-build/docker-compose.yaml b/devenv/docker/go-build/docker-compose.yaml index 403156d1..84cd14be 100644 --- a/devenv/docker/go-build/docker-compose.yaml +++ b/devenv/docker/go-build/docker-compose.yaml @@ -49,6 +49,7 @@ services: environment: TRACING_ENDPOINT: http://tempo:4318/v1/traces LOG_LEVEL: debug + AUTH_TOKEN: one,two,three,four,five command: - server # 1 GiB @@ -91,6 +92,7 @@ services: environment: GF_RENDERING_SERVER_URL: http://renderer:8081/render GF_RENDERING_CALLBACK_URL: http://grafana:3000/ + GF_RENDERING_RENDERER_TOKEN: three GF_TRACING_OPENTELEMETRY_OTLP_ADDRESS: tempo:4317 GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/grafana-exploretraces-app/grafana-exploretraces-app-latest.zip;grafana-traces-app GF_LOG_FILTERS: rendering:debug diff --git a/pkg/api/middleware/auth.go b/pkg/api/middleware/auth.go index b0a779ab..4d582346 100644 --- a/pkg/api/middleware/auth.go +++ b/pkg/api/middleware/auth.go @@ -1,16 +1,23 @@ package middleware import ( + "fmt" "net/http" "slices" "github.com/prometheus/client_golang/prometheus" ) -var MetricAuthenticatedRequestAttempt = prometheus.NewCounterVec(prometheus.CounterOpts{ - Name: "http_authenticated_request_attempts_total", - Help: "Counts the attempts of authenticated requests", -}, []string{"result"}) +var ( + MetricAuthenticatedRequestAttempt = prometheus.NewCounterVec(prometheus.CounterOpts{ + Name: "http_authenticated_request_attempts_total", + Help: "Counts the attempts of authenticated requests", + }, []string{"result"}) + MetricAuthenticationTokenUsage = prometheus.NewCounterVec(prometheus.CounterOpts{ + Name: "http_authentication_token_usage_total", + Help: "Counts how many times each authentication token is used", + }, []string{"token_index"}) +) // RequireAuthToken demands the request has a valid X-Auth-Token header attached to it. func RequireAuthToken(h http.Handler, expectedTokens ...string) http.Handler { @@ -25,8 +32,10 @@ func RequireAuthToken(h http.Handler, expectedTokens ...string) http.Handler { MetricAuthenticatedRequestAttempt.WithLabelValues("missing-header").Inc() return } - if slices.Contains(expectedTokens, token) { + tokenIdx := slices.Index(expectedTokens, token) + if tokenIdx != -1 { MetricAuthenticatedRequestAttempt.WithLabelValues("valid-token").Inc() + MetricAuthenticationTokenUsage.WithLabelValues(fmt.Sprintf("%d", tokenIdx)).Inc() span.End() // we don't want to track the next middleware in this span h.ServeHTTP(w, r) return diff --git a/pkg/metrics/registry.go b/pkg/metrics/registry.go index b6d954d3..e7eeacfd 100644 --- a/pkg/metrics/registry.go +++ b/pkg/metrics/registry.go @@ -16,6 +16,7 @@ func NewRegistry() *prometheus.Registry { collectors.NewBuildInfoCollector(), middleware.MetricAuthenticatedRequestAttempt, + middleware.MetricAuthenticationTokenUsage, middleware.MetricRateLimiterSlots, middleware.MetricRateLimiterRequests, middleware.MetricRequestsInFlight,