From b13952b16122f53ac156bb8403d2e759856493e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= <lauri@pinecrypt.com>
Date: Wed, 9 Jun 2021 22:58:21 +0300
Subject: [PATCH] Add PROMETHEUS_BEARER_TOKEN env var support

---
 exporter.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/exporter.py b/exporter.py
index 99695c2..a462ae6 100755
--- a/exporter.py
+++ b/exporter.py
@@ -4,11 +4,14 @@ import asyncio
 import os
 from collections import Counter
 from motor.motor_asyncio import AsyncIOMotorClient
-from sanic import Sanic, response
+from sanic import Sanic, response, exceptions
 
 app = Sanic("exporter")
 
 MONGO_URI = os.getenv("MONGO_URI", "mongodb://127.0.0.1:27017/default")
+PROMETHEUS_BEARER_TOKEN = os.getenv("PROMETHEUS_BEARER_TOKEN")
+if not PROMETHEUS_BEARER_TOKEN:
+    raise ValueError("No PROMETHEUS_BEARER_TOKEN specified")
 
 
 @app.listener("before_server_start")
@@ -68,6 +71,8 @@ async def openvpn_stats(port, service):
 
 @app.route("/metrics")
 async def view_export(request):
+    if request.token != PROMETHEUS_BEARER_TOKEN:
+        raise exceptions.Forbidden("Invalid bearer token")
     coll = app.ctx.db["certidude_certificates"]
 
     async def streaming_fn(response):