Source code for intranet.middleware.monitoring

from django.conf import settings
from django.shortcuts import render


[docs]class PrometheusAccessMiddleware: """ Restricts access to Django Prometheus metrics to ALLOWED_METRIC_IPS and superusers. """ def __init__(self, get_response): self.get_response = get_response def __call__(self, request): # We would like to be able to just check request.resolver_match.app_name. Unfortunately, URL resolving has not taken place yet, so we can't. if request.path == "/prometheus" or request.path.startswith("/prometheus/"): remote_addr = request.META["HTTP_X_REAL_IP"] if "HTTP_X_REAL_IP" in request.META else request.META.get("REMOTE_ADDR", "") is_superuser = request.user.is_authenticated and request.user.is_superuser # If they're not from an IP on the white list and they're not a superuser, deny access if remote_addr not in settings.ALLOWED_METRIC_SCRAPE_IPS and not is_superuser: return render(request, "error/403.html", {"reason": "You are not authorized to view this page."}, status=403) return self.get_response(request)