Document ID header properties

It needs to be cryptographically unique so that each client is uniquely identified and cannot be mistaken with another client. If it is not cryptographically unique one client could potentially guess the ID and thus send data as if it is was another client. Signed-off-by: Linus Wallgren <[email protected]>
prometheus-community · Jan 11, 2021 · acb1c61 · acb1c61
1 parent 289f852
commit acb1c61
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/cmd/proxy/coordinator.go b/cmd/proxy/coordinator.go
@@ -25,9 +25,9 @@ import (
 	"github.com/go-kit/kit/log"
 	"github.com/go-kit/kit/log/level"
 	"github.com/google/uuid"
+	"github.com/prometheus-community/pushprox/util"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
-	"github.com/prometheus-community/pushprox/util"
 )
 
 var (
@@ -73,6 +73,8 @@ func NewCoordinator(logger log.Logger) (*Coordinator, error) {
 }
 
 // Generate a unique ID
+// It is important this ID is cryptographically unique to ensure clients can't
+// be mixed up.
 func (c *Coordinator) genID() (string, error) {
 	id, err := uuid.NewRandom()
 	return id.String(), err
@@ -114,6 +116,8 @@ func (c *Coordinator) DoScrape(ctx context.Context, r *http.Request) (*http.Resp
 		return nil, err
 	}
 	level.Info(c.logger).Log("msg", "DoScrape", "scrape_id", id, "url", r.URL.String())
+	// It is important this id is cryptographically generated as it is relied
+	// upon to match the request and the response.
 	r.Header.Add("Id", id)
 	select {
 	case <-ctx.Done():