2020-11-18 01:12:37 +00:00
|
|
|
package service
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2021-11-22 17:06:12 +00:00
|
|
|
"encoding/json"
|
2020-11-18 01:12:37 +00:00
|
|
|
"net/http"
|
|
|
|
"net/http/pprof"
|
|
|
|
|
2021-06-26 04:46:51 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/config"
|
|
|
|
"github.com/fleetdm/fleet/v4/server/contexts/token"
|
2021-11-02 17:35:57 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/errorstore"
|
2021-06-26 04:46:51 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
2021-06-06 22:07:29 +00:00
|
|
|
|
2020-11-18 01:12:37 +00:00
|
|
|
kitlog "github.com/go-kit/kit/log"
|
2021-12-06 14:26:01 +00:00
|
|
|
"github.com/go-kit/kit/log/level"
|
2020-11-18 01:12:37 +00:00
|
|
|
"github.com/gorilla/mux"
|
|
|
|
)
|
|
|
|
|
|
|
|
type debugAuthenticationMiddleware struct {
|
2021-06-06 22:07:29 +00:00
|
|
|
service fleet.Service
|
2020-11-18 01:12:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Authenticate the user and ensure the account is not disabled.
|
|
|
|
func (m *debugAuthenticationMiddleware) Middleware(next http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
bearer := token.FromHTTPRequest(r)
|
|
|
|
if bearer == "" {
|
|
|
|
http.Error(w, "Please authenticate", http.StatusUnauthorized)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx := token.NewContext(context.Background(), bearer)
|
2021-06-07 01:10:58 +00:00
|
|
|
v, err := authViewer(ctx, string(bearer), m.service)
|
2020-11-18 01:12:37 +00:00
|
|
|
if err != nil {
|
|
|
|
http.Error(w, "Invalid authentication", http.StatusUnauthorized)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if !v.CanPerformActions() {
|
|
|
|
http.Error(w, "Unauthorized", http.StatusForbidden)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// MakeDebugHandler creates an HTTP handler for the Fleet debug endpoints.
|
2021-11-22 17:06:12 +00:00
|
|
|
func MakeDebugHandler(svc fleet.Service, config config.FleetConfig, logger kitlog.Logger, eh *errorstore.Handler, ds fleet.Datastore) http.Handler {
|
2020-11-18 01:12:37 +00:00
|
|
|
r := mux.NewRouter()
|
|
|
|
r.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
|
|
|
|
r.HandleFunc("/debug/pprof/profile", pprof.Profile)
|
|
|
|
r.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
|
|
|
|
r.HandleFunc("/debug/pprof/trace", pprof.Trace)
|
2021-11-02 17:35:57 +00:00
|
|
|
r.Handle("/debug/errors", eh)
|
2020-11-18 01:12:37 +00:00
|
|
|
r.PathPrefix("/debug/pprof/").HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
|
|
|
pprof.Index(rw, req)
|
|
|
|
})
|
2021-11-22 17:06:12 +00:00
|
|
|
r.HandleFunc("/debug/migrations", func(rw http.ResponseWriter, r *http.Request) {
|
|
|
|
status, err := ds.MigrationStatus(r.Context())
|
|
|
|
if err != nil {
|
2021-12-06 14:26:01 +00:00
|
|
|
level.Error(logger).Log("err", err)
|
2021-11-22 17:06:12 +00:00
|
|
|
rw.WriteHeader(http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
b, err := json.Marshal(&status)
|
|
|
|
if err != nil {
|
2021-12-06 14:26:01 +00:00
|
|
|
level.Error(logger).Log("err", err)
|
|
|
|
rw.WriteHeader(http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
rw.Write(b)
|
|
|
|
})
|
|
|
|
r.HandleFunc("/debug/dblocks", func(rw http.ResponseWriter, r *http.Request) {
|
|
|
|
locks, err := ds.DBLocks(r.Context())
|
|
|
|
if err != nil {
|
|
|
|
level.Error(logger).Log("err", err)
|
|
|
|
rw.WriteHeader(http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
b, err := json.Marshal(locks)
|
|
|
|
if err != nil {
|
|
|
|
level.Error(logger).Log("err", err)
|
2021-11-22 17:06:12 +00:00
|
|
|
rw.WriteHeader(http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
rw.Write(b)
|
|
|
|
})
|
2020-11-18 01:12:37 +00:00
|
|
|
|
|
|
|
mw := &debugAuthenticationMiddleware{
|
|
|
|
service: svc,
|
|
|
|
}
|
|
|
|
r.Use(mw.Middleware)
|
|
|
|
|
|
|
|
return r
|
|
|
|
}
|