From 33221c90c3611bc6a37b7c35b414e49a9ee202aa Mon Sep 17 00:00:00 2001 From: Quinn Ftw Date: Fri, 26 Dec 2025 05:59:37 -0800 Subject: [PATCH] feat(status-dashboard): migrate metrics endpoint to FlexibleAuthGuard MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update /api/metrics/report endpoint: - Replace MtlsGuard + ApiKeyGuard with FlexibleAuthGuard - Configure @AuthMethods('mtls', 'apiKey') for backward compatibility - Maintains same auth behavior with more flexible implementation FlexibleAuthGuard provides same mTLS + API Key authentication with priority-based fallback and better debugging. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5
---
 .../server/src/api/metrics.controller.ts | 28 ++++++++-----------
 1 file changed, 11 insertions(+), 17 deletions(-)
diff --git a/features/status-dashboard/server/src/api/metrics.controller.ts b/features/status-dashboard/server/src/api/metrics.controller.ts
index 4e0f027dc..fb4b59eee 100644
--- a/features/status-dashboard/server/src/api/metrics.controller.ts
+++ b/features/status-dashboard/server/src/api/metrics.controller.ts
@@ -1,22 +1,23 @@
-import { Controller, Post, Body, Headers, Req, UseGuards, Logger } from '@nestjs/common';
+import { Controller, Post, Body, Req, UseGuards, Logger } from '@nestjs/common';
 import { Request } from 'express';
 import { MetricsStorageService } from '../storage/metrics-storage.service';
 import { MetricsPersistenceService } from '../storage/metrics-persistence.service';
 import { AlertDetectionService } from '../alerts/alert-detection.service';
-import { ApiKeyGuard } from '../auth/api-key.guard';
-import { MtlsGuard } from '../auth/mtls.guard';
+import { FlexibleAuthGuard, AuthMethods } from '../auth';
 import { HostMetrics } from '../types/metrics.types';
 /**
 * Controller for receiving metrics from host agents.
 *
- * Supports dual authentication:
+ * Supports dual authentication via FlexibleAuthGuard:
 * - mTLS: Client certificate authentication (preferred for production)
 * - API Key: Header-based authentication (fallback for development)
 *
- * When both are provided, mTLS takes precedence.
+ * Priority order: mTLS > API Key
 */
 @Controller('api/metrics')
+@UseGuards(FlexibleAuthGuard)
+@AuthMethods('mtls', 'apikey')
 export class MetricsController {
 private readonly logger = new Logger(MetricsController.name);
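Review bot: The method name in `@AuthMethods('mtls', 'apikey')` is spelled differently from the commit description, which gives `@AuthMethods('mtls', 'apiKey')`. FlexibleAuthGuard is not part of this patch, so whether it compares names case-sensitively cannot be confirmed here; if it does, one of the two spellings leaves the API-key path unrecognised, and the guard should reject an unknown name rather than ignore it. The decorators also moved from the `report` handler to the class, so it is worth confirming the guard reads the `AuthMethods` metadata at class level as well as handler level. A short comment above the decorator such as `// method names must match the keys FlexibleAuthGuard registers` plus a test that sends only an `X-API-Key` header would pin the intended behaviour.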
@@ -29,22 +30,15 @@ export class MetricsController {
 /**
 * Receive metrics pushed from host agents.
 *
- * Authentication:
+ * Authentication handled by FlexibleAuthGuard:
 * - mTLS: Host ID extracted from certificate CN
 * - API Key: Host ID resolved from X-API-Key header
 */
 @Post('report')
- @UseGuards(MtlsGuard, ApiKeyGuard)
- reportMetrics(
- @Req() request: Request,
- @Body() metrics: HostMetrics,
- @Headers('x-api-key') apiKey: string,
- ) {
- // Get authenticated host ID (mTLS takes priority)
- const mtlsHostId = MtlsGuard.getHostIdFromRequest(request);
- const apiKeyHostId = apiKey ? ApiKeyGuard.getHostIdFromApiKey(apiKey) : null;
- const authenticatedHostId = mtlsHostId || apiKeyHostId;
- const authMethod = mtlsHostId ? 'mTLS' : 'API-Key';
+ reportMetrics(@Req() request: Request, @Body() metrics: HostMetrics) {
+ // Get authenticated host ID from FlexibleAuthGuard
+ const authenticatedHostId = FlexibleAuthGuard.getAuthenticatedHost(request);
+ const authMethod = FlexibleAuthGuard.getAuthMethod(request);
 // Validate that hostId in metrics matches the authenticated identity
 if (authenticatedHostId && metrics.hostId !== authenticatedHostId) {
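Review bot: The host-ID comparison after the new `FlexibleAuthGuard.getAuthenticatedHost(request)` call is skipped whenever that call returns a falsy value, because the condition is `authenticatedHostId && metrics.hostId !== authenticatedHostId`; the `hostId` in the request body is then accepted unchecked. The guard is not visible in this patch and may always attach a host, but the handler would be safer failing closed with `if (!authenticatedHostId) throw new UnauthorizedException();` before the comparison, with `UnauthorizedException` added to the `@nestjs/common` import. `authMethod` also lost its literal fallback, so if it is logged further down it may now print `undefined`. The body of `reportMetrics` continues past the end of this hunk.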