Adds counter for authorize attempts per user. Usefull to see per-user…

… usage of the API
trustwallet · Feb 16, 2021 · f244084 · f244084
1 parent 83786c4
commit f244084
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 3 deletions.
diff --git a/src/authorize-user.ts b/src/authorize-user.ts
@@ -1,6 +1,7 @@
 import {UserSettings, UserSettingsConfig} from "./user-settings";
 import {Credentials} from "./credential-settings";
 import BasicAuth from 'express-basic-auth'
+import {PromClient} from "./prom-client";
 
 export interface ProxyAuthorizer {
     getUserSettings: (username: string, password: string) => UserSettings | undefined
@@ -11,7 +12,12 @@ function validUser({user, password}: Credentials, suppliedUsername: string, supp
     return BasicAuth.safeCompare(suppliedUsername, user) && BasicAuth.safeCompare(suppliedPassword, password)
 }
 
-export function createProxyAuthorizer(defaultSettings: UserSettings, userSettings: UserSettingsConfig, users: Credentials[]): ProxyAuthorizer {
+export function createProxyAuthorizer(
+    defaultSettings: UserSettings,
+    userSettings: UserSettingsConfig,
+    users: Credentials[],
+    promClient?: PromClient
+): ProxyAuthorizer {
 
     const findValidUserSettings = (username: string, password: string): UserSettings | undefined => {
         return users
@@ -26,7 +32,11 @@ export function createProxyAuthorizer(defaultSettings: UserSettings, userSetting
     }
 
     return {
-        myAuthorizer: (username: string, password: string) => findValidUserSettings(username, password) !== undefined,
+        myAuthorizer: (username: string, password: string) => {
+            const authorized = findValidUserSettings(username, password) !== undefined
+            promClient?.incAuthorizeAttempt(username, authorized)
+            return authorized
+        },
         getUserSettings: (username: string, password: string) => findValidUserSettings(username, password),
     }
 }
diff --git a/src/prom-client.ts b/src/prom-client.ts
@@ -13,6 +13,7 @@ export interface PromClient {
     incDDOS: (ip: string) => void,
     incWebsocketSubscription: (ip: string) => void,
     incWebsocketMessage: (ip: string) => void,
+    incAuthorizeAttempt: (username: string, wasAuthorized: boolean) => void
     timeNodeRpc: (action: RPCAction) => MaybeTimedCall,
     timePrice: () => MaybeTimedCall,
     timeVerifiedAccounts: () => MaybeTimedCall,
@@ -74,6 +75,13 @@ export function createPrometheusClient(): PromClient {
         labelNames: ["ip"]
     })
 
+    let countAuthorizedAttempts = new client.Counter({
+        registers: [register],
+        name: "authorized_attempts",
+        help: "Counts basic auth attempts for a given user",
+        labelNames: ["username", "success"]
+    })
+
     let rpcHistogram = new client.Histogram({
         registers: [register],
         name: "time_rpc_call",
@@ -102,6 +110,7 @@ export function createPrometheusClient(): PromClient {
         incDDOS: (ip: string) => countDDOS.labels(ip).inc(),
         incWebsocketSubscription: (ip: string) => countWebsocketSubscription.labels(ip).inc(),
         incWebsocketMessage: (ip: string) => countWebsocketMessage.labels(ip).inc(),
+        incAuthorizeAttempt: (username, wasAuthorized) => countAuthorizedAttempts.labels(username, wasAuthorized ? 'authorized' : 'denied').inc(),
         timeNodeRpc: (action: RPCAction) => rpcHistogram.startTimer({action: action}),
         timePrice: () => priceHistogram.startTimer(),
         timeVerifiedAccounts: () => verifiedAccountsHistogram.startTimer(),

diff --git a/src/proxy.ts b/src/proxy.ts
@@ -136,7 +136,7 @@ const settings: ProxySettings = readProxySettings(configPaths.settings)
 const user_settings: UserSettingsConfig = readUserSettings(configPaths.user_settings)
 const defaultUserSettings: UserSettings = loadDefaultUserSettings(settings)
 const promClient: PromClient | undefined = settings.enable_prometheus_for_ips.length > 0 ? createPrometheusClient() : undefined
-const userAuthorizer: ProxyAuthorizer | undefined = settings.use_auth ? createProxyAuthorizer(defaultUserSettings, user_settings, users) : undefined
+const userAuthorizer: ProxyAuthorizer | undefined = settings.use_auth ? createProxyAuthorizer(defaultUserSettings, user_settings, users, promClient) : undefined
 const powSettings: PowSettings = readPowSettings(configPaths.pow_creds, settings)
 
 proxyLogSettings(console.log, settings)