metrics: Add rule action metrics
This commit is contained in:
WeebDataHoarder
@@ -43,7 +43,8 @@ func init() {
|
||||
return nil, fmt.Errorf("no registered challenges found in rule %s", ruleName)
|
||||
}
|
||||
|
||||
passHandler, ok := Register[policy.RuleAction(strings.ToUpper(params.PassAction))]
|
||||
passAction := policy.RuleAction(strings.ToUpper(params.PassAction))
|
||||
passHandler, ok := Register[passAction]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unknown pass action %s", params.PassAction)
|
||||
}
|
||||
@@ -53,7 +54,8 @@ func init() {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
failHandler, ok := Register[policy.RuleAction(strings.ToUpper(params.FailAction))]
|
||||
failAction := policy.RuleAction(strings.ToUpper(params.FailAction))
|
||||
failHandler, ok := Register[failAction]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unknown pass action %s", params.FailAction)
|
||||
}
|
||||
@@ -69,8 +71,10 @@ func init() {
|
||||
Continue: cont,
|
||||
Challenges: regs,
|
||||
|
||||
PassAction: passActionHandler,
|
||||
FailAction: failActionHandler,
|
||||
PassAction: passAction,
|
||||
PassActionHandler: passActionHandler,
|
||||
FailAction: failAction,
|
||||
FailActionHandler: failActionHandler,
|
||||
}, nil
|
||||
}
|
||||
Register[policy.RuleActionCHALLENGE] = func(state challenge.StateInterface, ruleName, ruleHash string, settings ast.Node) (Handler, error) {
|
||||
@@ -104,8 +108,10 @@ type Challenge struct {
|
||||
Continue bool
|
||||
Challenges []*challenge.Registration
|
||||
|
||||
PassAction Handler
|
||||
FailAction Handler
|
||||
PassAction policy.RuleAction
|
||||
PassActionHandler Handler
|
||||
FailAction policy.RuleAction
|
||||
FailActionHandler Handler
|
||||
}
|
||||
|
||||
func (a Challenge) Handle(logger *slog.Logger, w http.ResponseWriter, r *http.Request, done func() (backend http.Handler)) (next bool, err error) {
|
||||
@@ -120,7 +126,8 @@ func (a Challenge) Handle(logger *slog.Logger, w http.ResponseWriter, r *http.Re
|
||||
}
|
||||
|
||||
// we passed!
|
||||
return a.PassAction.Handle(logger.With("challenge", reg.Name), w, r, done)
|
||||
data.State.ActionHit(r, a.PassAction, logger)
|
||||
return a.PassActionHandler.Handle(logger.With("challenge", reg.Name), w, r, done)
|
||||
}
|
||||
}
|
||||
// none matched, issue challenges in sequential priority
|
||||
@@ -146,7 +153,8 @@ func (a Challenge) Handle(logger *slog.Logger, w http.ResponseWriter, r *http.Re
|
||||
return true, nil
|
||||
}
|
||||
|
||||
return a.PassAction.Handle(logger.With("challenge", reg.Name), w, r, done)
|
||||
data.State.ActionHit(r, a.PassAction, logger)
|
||||
return a.PassActionHandler.Handle(logger.With("challenge", reg.Name), w, r, done)
|
||||
case challenge.VerifyResultNotOK:
|
||||
// we have had the challenge checked, but it's not ok!
|
||||
// safe to continue
|
||||
@@ -160,7 +168,8 @@ func (a Challenge) Handle(logger *slog.Logger, w http.ResponseWriter, r *http.Re
|
||||
continue
|
||||
}
|
||||
|
||||
return a.FailAction.Handle(logger, w, r, done)
|
||||
data.State.ActionHit(r, a.FailAction, logger)
|
||||
return a.FailActionHandler.Handle(logger, w, r, done)
|
||||
case challenge.VerifyResultNone:
|
||||
// challenge was issued
|
||||
if reg.Class == challenge.ClassTransparent {
|
||||
@@ -177,5 +186,6 @@ func (a Challenge) Handle(logger *slog.Logger, w http.ResponseWriter, r *http.Re
|
||||
}
|
||||
|
||||
// nothing matched, execute default action
|
||||
return a.FailAction.Handle(logger, w, r, done)
|
||||
data.State.ActionHit(r, a.FailAction, logger)
|
||||
return a.FailActionHandler.Handle(logger, w, r, done)
|
||||
}
|
||||
|
||||
@@ -101,6 +101,7 @@ type StateInterface interface {
|
||||
|
||||
RuleHit(r *http.Request, name string, logger *slog.Logger)
|
||||
RuleMiss(r *http.Request, name string, logger *slog.Logger)
|
||||
ActionHit(r *http.Request, name policy.RuleAction, logger *slog.Logger)
|
||||
|
||||
Logger(r *http.Request) *slog.Logger
|
||||
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"git.gammaspectra.live/git/go-away/embed"
|
||||
"git.gammaspectra.live/git/go-away/lib/action"
|
||||
"git.gammaspectra.live/git/go-away/lib/challenge"
|
||||
"git.gammaspectra.live/git/go-away/lib/policy"
|
||||
"git.gammaspectra.live/git/go-away/utils"
|
||||
"html/template"
|
||||
"log/slog"
|
||||
@@ -130,6 +131,7 @@ func (state *State) handleRequest(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
state.RuleHit(r, "DEFAULT", lg)
|
||||
data.State.ActionHit(r, policy.RuleActionPASS, lg)
|
||||
|
||||
// default pass
|
||||
_, _ = action.Pass{}.Handle(lg, w, r, func() http.Handler {
|
||||
|
||||
@@ -76,6 +76,10 @@ func (state *State) RuleMiss(r *http.Request, name string, logger *slog.Logger)
|
||||
state.metrics.Rule(name, "miss")
|
||||
}
|
||||
|
||||
func (state *State) ActionHit(r *http.Request, name policy.RuleAction, logger *slog.Logger) {
|
||||
state.metrics.Action(name)
|
||||
}
|
||||
|
||||
func (state *State) Logger(r *http.Request) *slog.Logger {
|
||||
return GetLoggerForRequest(r)
|
||||
}
|
||||
|
||||
@@ -1,12 +1,14 @@
|
||||
package lib
|
||||
|
||||
import (
|
||||
"git.gammaspectra.live/git/go-away/lib/policy"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||
)
|
||||
|
||||
type stateMetrics struct {
|
||||
rules *prometheus.CounterVec
|
||||
actions *prometheus.CounterVec
|
||||
challenges *prometheus.CounterVec
|
||||
}
|
||||
|
||||
@@ -16,8 +18,12 @@ func newMetrics() *stateMetrics {
|
||||
Name: "go-away_rule_results",
|
||||
Help: "The number of rule hits or misses",
|
||||
}, []string{"rule", "result"}),
|
||||
actions: promauto.NewCounterVec(prometheus.CounterOpts{
|
||||
Name: "go-away_action_results",
|
||||
Help: "The number of each action issued",
|
||||
}, []string{"action"}),
|
||||
challenges: promauto.NewCounterVec(prometheus.CounterOpts{
|
||||
Name: "go-away_challenge_actions",
|
||||
Name: "go-away_challenge_results",
|
||||
Help: "The number of challenges issued, passed or explicitly failed",
|
||||
}, []string{"challenge", "action"}),
|
||||
}
|
||||
@@ -27,6 +33,10 @@ func (metrics *stateMetrics) Rule(name, result string) {
|
||||
metrics.rules.With(prometheus.Labels{"rule": name, "result": result}).Inc()
|
||||
}
|
||||
|
||||
func (metrics *stateMetrics) Challenge(name, action string) {
|
||||
metrics.challenges.With(prometheus.Labels{"challenge": name, "action": action}).Inc()
|
||||
func (metrics *stateMetrics) Action(action policy.RuleAction) {
|
||||
metrics.actions.With(prometheus.Labels{"action": string(action)}).Inc()
|
||||
}
|
||||
|
||||
func (metrics *stateMetrics) Challenge(name, result string) {
|
||||
metrics.challenges.With(prometheus.Labels{"challenge": name, "action": result}).Inc()
|
||||
}
|
||||
|
||||
@@ -109,6 +109,7 @@ func (rule RuleState) Evaluate(logger *slog.Logger, w http.ResponseWriter, r *ht
|
||||
if out.Equal(types.True) == types.True {
|
||||
data.State.RuleHit(r, rule.Name, logger)
|
||||
|
||||
data.State.ActionHit(r, rule.Action, logger)
|
||||
next, err = rule.Handler.Handle(lg, w, r, func() http.Handler {
|
||||
r.Header.Set("X-Away-Rule", rule.Name)
|
||||
r.Header.Set("X-Away-Hash", rule.Hash)
|
||||
|
||||
Reference in New Issue
Block a user