mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
de55ecf778
<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #38889 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Updated internal logging infrastructure to improve standardization and maintainability. Logging functionality remains unchanged from an end-user perspective. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
102 lines
3.4 KiB
Go
102 lines
3.4 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"log/slog"
|
|
"net/http"
|
|
"net/http/pprof"
|
|
|
|
"github.com/fleetdm/fleet/v4/server/config"
|
|
"github.com/fleetdm/fleet/v4/server/contexts/logging"
|
|
"github.com/fleetdm/fleet/v4/server/contexts/token"
|
|
"github.com/fleetdm/fleet/v4/server/errorstore"
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
|
"github.com/fleetdm/fleet/v4/server/service/middleware/auth"
|
|
|
|
kithttp "github.com/go-kit/kit/transport/http"
|
|
"github.com/gorilla/mux"
|
|
)
|
|
|
|
type debugAuthenticationMiddleware struct {
|
|
service fleet.Service
|
|
}
|
|
|
|
// Authenticate the user and ensure the account is not disabled.
|
|
func (m *debugAuthenticationMiddleware) Middleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
bearer := token.FromHTTPRequest(r)
|
|
if bearer == "" {
|
|
http.Error(w, "Please authenticate", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
ctx := token.NewContext(context.Background(), bearer)
|
|
v, err := auth.AuthViewer(ctx, string(bearer), m.service)
|
|
if err != nil {
|
|
http.Error(w, "Invalid authentication", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
if !v.CanPerformActions() || v.User.GlobalRole == nil || *v.User.GlobalRole != fleet.RoleAdmin {
|
|
http.Error(w, "Unauthorized", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
func jsonHandler(
|
|
logger *slog.Logger,
|
|
jsonGenerator func(ctx context.Context) (any, error),
|
|
) func(rw http.ResponseWriter, r *http.Request) {
|
|
return func(rw http.ResponseWriter, r *http.Request) {
|
|
lc := &logging.LoggingContext{SkipUser: true} // The debug handler does not save the logged-in user.
|
|
ctx := logging.NewContext(kithttp.PopulateRequestContext(r.Context(), r), lc)
|
|
ctx = logging.WithStartTime(ctx)
|
|
jsonData, err := jsonGenerator(ctx)
|
|
if err != nil {
|
|
lc.SetErrs(err)
|
|
lc.Log(ctx, logger)
|
|
var sce kithttp.StatusCoder
|
|
if errors.As(err, &sce) {
|
|
rw.WriteHeader(sce.StatusCode())
|
|
_, _ = rw.Write([]byte(err.Error()))
|
|
return
|
|
}
|
|
rw.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
b, err := json.MarshalIndent(jsonData, "", " ")
|
|
if err != nil {
|
|
lc.SetErrs(err)
|
|
lc.Log(ctx, logger)
|
|
rw.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
rw.Write(b) //nolint:errcheck
|
|
}
|
|
}
|
|
|
|
// MakeDebugHandler creates an HTTP handler for the Fleet debug endpoints.
|
|
func MakeDebugHandler(svc fleet.Service, config config.FleetConfig, logger *slog.Logger, eh *errorstore.Handler, ds fleet.Datastore) http.Handler {
|
|
r := mux.NewRouter()
|
|
r.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
|
|
r.HandleFunc("/debug/pprof/profile", pprof.Profile)
|
|
r.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
|
|
r.HandleFunc("/debug/pprof/trace", pprof.Trace)
|
|
r.Handle("/debug/errors", eh)
|
|
r.PathPrefix("/debug/pprof/").HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { pprof.Index(rw, req) })
|
|
r.HandleFunc("/debug/migrations", jsonHandler(logger, func(ctx context.Context) (interface{}, error) { return ds.MigrationStatus(ctx) }))
|
|
r.HandleFunc("/debug/db/locks", jsonHandler(logger, func(ctx context.Context) (interface{}, error) { return ds.DBLocks(ctx) }))
|
|
r.HandleFunc("/debug/db/innodb-status", jsonHandler(logger, func(ctx context.Context) (interface{}, error) { return ds.InnoDBStatus(ctx) }))
|
|
r.HandleFunc("/debug/db/process-list", jsonHandler(logger, func(ctx context.Context) (interface{}, error) { return ds.ProcessList(ctx) }))
|
|
|
|
mw := &debugAuthenticationMiddleware{
|
|
service: svc,
|
|
}
|
|
r.Use(mw.Middleware)
|
|
|
|
return r
|
|
}
|