7 年之前 · dcc48860b8
--- a/docs/sources/installation/configuration.md
+++ b/docs/sources/installation/configuration.md
@@ -454,14 +454,11 @@ Ex `filters = sqlstore:debug`
 
				 ### enabled
			
 
				 Enable metrics reporting. defaults true. Available via HTTP API `/metrics`.
			
 
				 
			
 
				-### basic_auth_enabled
			
 
				-Enables basic authentication on the metrics endpoint. Defaults to false.
			
 
				-
			
 
				 ### basic_auth_username
			
 
				-Username to use for basic authentication on the metrics endpoint.
			
 
				+If set configures the username to use for basic authentication on the metrics endpoint.
			
 
				 
			
 
				 ### basic_auth_password
			
 
				-Password to use for basic authentication on the metrics endpoint.
			
 
				+If set configures the password to use for basic authentication on the metrics endpoint.
			
 
				 
			
 
				 ### interval_seconds
			
 
				 
			
--- a/pkg/api/http_server.go
+++ b/pkg/api/http_server.go
@@ -246,11 +246,11 @@ func (hs *HTTPServer) metricsEndpoint(ctx *macaron.Context) {
 
				 		return
			
 
				 	}
			
 
				 
			
 
				-	if hs.Cfg.MetricsEndpointBasicAuthEnabled {
			
 
				-		if !util.BasicAuthenticatedRequest(ctx.Req, hs.Cfg.MetricsEndpointBasicAuthUsername, hs.Cfg.MetricsEndpointBasicAuthPassword) {
			
 
				-			ctx.Resp.WriteHeader(http.StatusUnauthorized)
			
 
				-			return
			
 
				-		}
			
 
				+	if hs.Cfg.MetricsEndpointBasicAuthUsername != "" &&
			
 
				+		hs.Cfg.MetricsEndpointBasicAuthPassword != "" &&
			
 
				+		!util.BasicAuthenticatedRequest(ctx.Req, hs.Cfg.MetricsEndpointBasicAuthUsername, hs.Cfg.MetricsEndpointBasicAuthPassword) {
			
 
				+		ctx.Resp.WriteHeader(http.StatusUnauthorized)
			
 
				+		return
			
 
				 	}
			
 
				 
			
 
				 	promhttp.HandlerFor(prometheus.DefaultGatherer, promhttp.HandlerOpts{}).
			
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -215,7 +215,6 @@ type Cfg struct {
 
				 	DisableBruteForceLoginProtection bool
			
 
				 	TempDataLifetime                 time.Duration
			
 
				 	MetricsEndpointEnabled           bool
			
 
				-	MetricsEndpointBasicAuthEnabled  bool
			
 
				 	MetricsEndpointBasicAuthUsername string
			
 
				 	MetricsEndpointBasicAuthPassword string
			
 
				 	EnableAlphaPanels                bool
			
@@ -679,7 +678,6 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
 
				 	cfg.PhantomDir = filepath.Join(HomePath, "tools/phantomjs")
			
 
				 	cfg.TempDataLifetime = iniFile.Section("paths").Key("temp_data_lifetime").MustDuration(time.Second * 3600 * 24)
			
 
				 	cfg.MetricsEndpointEnabled = iniFile.Section("metrics").Key("enabled").MustBool(true)
			
 
				-	cfg.MetricsEndpointBasicAuthEnabled = iniFile.Section("metrics").Key("basic_auth_enabled").MustBool(true)
			
 
				 	cfg.MetricsEndpointBasicAuthUsername = iniFile.Section("metrics").Key("basic_auth_username").String()
			
 
				 	cfg.MetricsEndpointBasicAuthPassword = iniFile.Section("metrics").Key("basic_auth_password").String()
			
 
				 
			
--- a/pkg/util/auth.go
+++ b/pkg/util/auth.go
@@ -11,7 +11,7 @@ import (
 
				 // Uses constant-time comparison in order to mitigate timing attacks.
			
 
				 func BasicAuthenticatedRequest(req macaron.Request, expectedUser, expectedPass string) bool {
			
 
				 	user, pass, ok := req.BasicAuth()
			
 
				-	if !ok ||  subtle.ConstantTimeCompare([]byte(user), []byte(expectedUser)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(expectedPass)) != 1 {
			
 
				+	if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(expectedUser)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(expectedPass)) != 1 {
			
 
				 		return false
			
 
				 	}