feat(status-dashboard): migrate metrics endpoint to FlexibleAuthGuard
Update /api/metrics/report endpoint:
- Replace MtlsGuard + ApiKeyGuard with FlexibleAuthGuard
- Configure @AuthMethods('mtls', 'apiKey') for backward compatibility
- Maintains same auth behavior with more flexible implementation
FlexibleAuthGuard provides same mTLS + API Key authentication with
priority-based fallback and better debugging.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
c5cfa6108c
commit
33221c90c3
1 changed files with 11 additions and 17 deletions
|
|
@ -1,22 +1,23 @@
|
|||
import { Controller, Post, Body, Headers, Req, UseGuards, Logger } from '@nestjs/common';
|
||||
import { Controller, Post, Body, Req, UseGuards, Logger } from '@nestjs/common';
|
||||
import { Request } from 'express';
|
||||
import { MetricsStorageService } from '../storage/metrics-storage.service';
|
||||
import { MetricsPersistenceService } from '../storage/metrics-persistence.service';
|
||||
import { AlertDetectionService } from '../alerts/alert-detection.service';
|
||||
import { ApiKeyGuard } from '../auth/api-key.guard';
|
||||
import { MtlsGuard } from '../auth/mtls.guard';
|
||||
import { FlexibleAuthGuard, AuthMethods } from '../auth';
|
||||
import { HostMetrics } from '../types/metrics.types';
|
||||
|
||||
/**
|
||||
* Controller for receiving metrics from host agents.
|
||||
*
|
||||
* Supports dual authentication:
|
||||
* Supports dual authentication via FlexibleAuthGuard:
|
||||
* - mTLS: Client certificate authentication (preferred for production)
|
||||
* - API Key: Header-based authentication (fallback for development)
|
||||
*
|
||||
* When both are provided, mTLS takes precedence.
|
||||
* Priority order: mTLS > API Key
|
||||
*/
|
||||
@Controller('api/metrics')
|
||||
@UseGuards(FlexibleAuthGuard)
|
||||
@AuthMethods('mtls', 'apikey')
|
||||
export class MetricsController {
|
||||
private readonly logger = new Logger(MetricsController.name);
|
||||
|
||||
|
|
@ -29,22 +30,15 @@ export class MetricsController {
|
|||
/**
|
||||
* Receive metrics pushed from host agents.
|
||||
*
|
||||
* Authentication:
|
||||
* Authentication handled by FlexibleAuthGuard:
|
||||
* - mTLS: Host ID extracted from certificate CN
|
||||
* - API Key: Host ID resolved from X-API-Key header
|
||||
*/
|
||||
@Post('report')
|
||||
@UseGuards(MtlsGuard, ApiKeyGuard)
|
||||
reportMetrics(
|
||||
@Req() request: Request,
|
||||
@Body() metrics: HostMetrics,
|
||||
@Headers('x-api-key') apiKey: string,
|
||||
) {
|
||||
// Get authenticated host ID (mTLS takes priority)
|
||||
const mtlsHostId = MtlsGuard.getHostIdFromRequest(request);
|
||||
const apiKeyHostId = apiKey ? ApiKeyGuard.getHostIdFromApiKey(apiKey) : null;
|
||||
const authenticatedHostId = mtlsHostId || apiKeyHostId;
|
||||
const authMethod = mtlsHostId ? 'mTLS' : 'API-Key';
|
||||
reportMetrics(@Req() request: Request, @Body() metrics: HostMetrics) {
|
||||
// Get authenticated host ID from FlexibleAuthGuard
|
||||
const authenticatedHostId = FlexibleAuthGuard.getAuthenticatedHost(request);
|
||||
const authMethod = FlexibleAuthGuard.getAuthMethod(request);
|
||||
|
||||
// Validate that hostId in metrics matches the authenticated identity
|
||||
if (authenticatedHostId && metrics.hostId !== authenticatedHostId) {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue