pikvm/pikvm#1069: added option to disable auth on prometheus api

2026-02-01 18:41:54 +08:00 · 2023-08-18 00:21:07 +03:00
parent 32560563dc
commit 61ce81ab64
5 changed files with 64 additions and 3 deletions
--- a/kvmd/apps/kvmd/auth.py
+++ b/kvmd/apps/kvmd/auth.py
@@ -30,12 +30,15 @@ from ... import aiotools
 from ...plugins.auth import BaseAuthService
 from ...plugins.auth import get_auth_service_class

+from ...htserver import HttpExposed
+

 # =====
 class AuthManager:
    def __init__(
        self,
        enabled: bool,
+        unauth_paths: list[str],

        internal_type: str,
        internal_kwargs: dict,
@@ -51,6 +54,10 @@ class AuthManager:
        if not enabled:
            get_logger().warning("AUTHORIZATION IS DISABLED")

+        self.__unauth_paths = frozenset(unauth_paths)  # To speed up
+        for path in self.__unauth_paths:
+            get_logger().warning("Authorization is disabled for API %r", path)
+
        self.__internal_service: (BaseAuthService | None) = None
        if enabled:
            self.__internal_service = get_auth_service_class(internal_type)(**internal_kwargs)
@@ -70,6 +77,13 @@ class AuthManager:
    def is_auth_enabled(self) -> bool:
        return self.__enabled

+    def is_auth_required(self, exposed: HttpExposed) -> bool:
+        return (
+            self.is_auth_enabled()
+            and exposed.auth_required
+            and exposed.path not in self.__unauth_paths
+        )
+
    async def authorize(self, user: str, passwd: str) -> bool:
        assert user == user.strip()
        assert user