Merge pull request #931 from haoming29/fix-prom-not-handled

Fix Prometheus handler not called

web_ui/authorization.go

@@ -95,7 +95,10 @@ func promQueryEngineAuthHandler(av1 *route.Router) gin.HandlerFunc {
 				av1.ServeHTTP(c.Writer, c.Request)
 			} else {
 				c.JSON(status, gin.H{"error": "Correct authorization required to access Prometheus query engine APIs. " + err.Error()})
+				return
 			}
+		} else {
+			av1.ServeHTTP(c.Writer, c.Request)
 		}
 	}
 }

web_ui/prometheus_test.go

@@ -21,6 +21,7 @@ package web_ui
 import (
 	"bytes"
 	"context"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -41,6 +42,56 @@ import (
 	"github.com/pelicanplatform/pelican/token_scopes"
 )
 
+func TestPrometheusUnprotected(t *testing.T) {
+	ctx, cancel, egrp := test_utils.TestContext(context.Background(), t)
+	defer func() { require.NoError(t, egrp.Wait()) }()
+	defer cancel()
+
+	viper.Reset()
+
+	av1 := route.New().WithPrefix("/api/v1.0/prometheus")
+	av1.Get("/query", func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+		_, err := w.Write([]byte("Prometheus response"))
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+		}
+	})
+
+	// Create temp dir for the origin key file
+	tDir := t.TempDir()
+	kfile := filepath.Join(tDir, "testKey")
+	//Setup a private key
+	viper.Set("IssuerKey", kfile)
+	config.InitConfig()
+	err := config.InitServer(ctx, config.OriginType)
+	require.NoError(t, err)
+
+	w := httptest.NewRecorder()
+	c, r := gin.CreateTestContext(w)
+
+	viper.Set("Monitoring.PromQLAuthorization", false)
+
+	// Set ExternalWebUrl so that IssuerCheck can pass
+	viper.Set("Server.ExternalWebUrl", "https://test-origin.org:8444")
+
+	c.Request = &http.Request{
+		URL: &url.URL{},
+	}
+
+	// Set the request to run through the promQueryEngineAuthHandler function
+	r.GET("/api/v1.0/prometheus/*any", promQueryEngineAuthHandler(av1))
+	c.Request, _ = http.NewRequest(http.MethodGet, "/api/v1.0/prometheus/query", bytes.NewBuffer([]byte(`{}`)))
+	r.ServeHTTP(w, c.Request)
+
+	assert.Equal(t, 200, w.Result().StatusCode)
+	resultBytes, err := io.ReadAll(w.Result().Body)
+	require.NoError(t, err, "Error reading the response body")
+
+	assert.NotEmpty(t, string(resultBytes), "Response is 200 but with an empty body. Potentially Prometheus handler is not called in promQueryEngineAuthHandler")
+	assert.Contains(t, string(resultBytes), `Prometheus response`)
+}
+
 // Test the Prometheus query engine endpoint auth check with an server issuer token
 // set in cookie
 func TestPrometheusProtectionCookieAuth(t *testing.T) {
@@ -49,7 +100,6 @@ func TestPrometheusProtectionCookieAuth(t *testing.T) {
 	defer cancel()
 
 	viper.Reset()
-	viper.Set("Monitoring.PromQLAuthorization", true)
 
 	av1 := route.New().WithPrefix("/api/v1.0/prometheus")
 
@@ -65,6 +115,8 @@ func TestPrometheusProtectionCookieAuth(t *testing.T) {
 	w := httptest.NewRecorder()
 	c, r := gin.CreateTestContext(w)
 
+	viper.Set("Monitoring.PromQLAuthorization", true)
+
 	// Set ExternalWebUrl so that IssuerCheck can pass
 	viper.Set("Server.ExternalWebUrl", "https://test-origin.org:8444")
 

web_ui/ui.go

@@ -251,7 +251,7 @@ func configureCommonEndpoints(engine *gin.Engine) error {
 }
 
 // Configure metrics related endpoints, including Prometheus and /health API
-func configureMetrics(ctx context.Context, engine *gin.Engine) error {
+func configureMetrics(engine *gin.Engine) error {
 	// Add authorization to /metric endpoint
 	engine.Use(promMetricAuthHandler)
 
@@ -333,7 +333,7 @@ func ConfigureServerWebAPI(ctx context.Context, engine *gin.Engine, egrp *errgro
 	if err := configureCommonEndpoints(engine); err != nil {
 		return err
 	}
-	if err := configureMetrics(ctx, engine); err != nil {
+	if err := configureMetrics(engine); err != nil {
 		return err
 	}
 	if param.Server_EnableUI.GetBool() {