Skip to content

Commit

Permalink
Merge pull request influxdata#1520 from influxdata/md-expose-pprof
Browse files Browse the repository at this point in the history
Expose pprof without auth when enabled for httpd
  • Loading branch information
desa authored Aug 11, 2017
2 parents 2b6a049 + 9ced25f commit ee29d1a
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 1 deletion.
16 changes: 15 additions & 1 deletion services/httpd/handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -63,13 +63,15 @@ type Route struct {
HandlerFunc interface{}
NoGzip bool
NoJSON bool
BypassAuth bool
}

// Handler represents an HTTP handler for the Kapacitor API server.
type Handler struct {
methodMux map[string]*ServeMux

requireAuthentication bool
exposePprof bool
sharedSecret string

allowGzip bool
Expand Down Expand Up @@ -101,6 +103,7 @@ type Handler struct {
// NewHandler returns a new instance of handler with routes.
func NewHandler(
requireAuthentication,
pprofEnabled,
loggingEnabled,
writeTrace,
allowGzip bool,
Expand All @@ -112,6 +115,7 @@ func NewHandler(
h := &Handler{
methodMux: make(map[string]*ServeMux),
requireAuthentication: requireAuthentication,
exposePprof: pprofEnabled,
sharedSecret: sharedSecret,
allowGzip: allowGzip,
logger: l,
Expand Down Expand Up @@ -203,35 +207,41 @@ func NewHandler(
Pattern: BasePath + "/debug/pprof/",
HandlerFunc: servePprof,
NoJSON: true,
BypassAuth: true,
},
{
Method: "GET",
Pattern: BasePath + "/debug/pprof/cmdline",
HandlerFunc: pprof.Cmdline,
NoJSON: true,
BypassAuth: true,
},
{
Method: "GET",
Pattern: BasePath + "/debug/pprof/profile",
HandlerFunc: pprof.Profile,
NoJSON: true,
BypassAuth: true,
},
{
Method: "GET",
Pattern: BasePath + "/debug/pprof/symbol",
HandlerFunc: pprof.Symbol,
NoJSON: true,
BypassAuth: true,
},
{
Method: "GET",
Pattern: BasePath + "/debug/pprof/trace",
HandlerFunc: pprof.Trace,
NoJSON: true,
BypassAuth: true,
},
{
Method: "GET",
Pattern: BasePath + "/debug/vars",
HandlerFunc: serveExpvar,
BypassAuth: true,
},
})

Expand Down Expand Up @@ -294,7 +304,11 @@ func (h *Handler) addRawRoute(r Route) error {

// This is a normal handler signature so perform standard authentication/authorization.
if hf, ok := r.HandlerFunc.(func(http.ResponseWriter, *http.Request)); ok {
handler = authenticate(authorize(hf), h, h.requireAuthentication)
requireAuth := h.requireAuthentication
if r.BypassAuth && h.exposePprof {
requireAuth = false
}
handler = authenticate(authorize(hf), h, requireAuth)
}
if handler == nil {
return errors.New("route does not have valid handler function")
Expand Down
1 change: 1 addition & 0 deletions services/httpd/httpdtest/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ func NewServer(verbose bool) *Server {
ls := loggingtest.New()
s := &Server{
Handler: httpd.NewHandler(
false,
false,
verbose,
verbose,
Expand Down
1 change: 1 addition & 0 deletions services/httpd/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ func NewService(c Config, hostname string, l *log.Logger, li logging.Interface)
shutdownTimeout: time.Duration(c.ShutdownTimeout),
Handler: NewHandler(
c.AuthEnabled,
c.PprofEnabled,
c.LogEnabled,
c.WriteTracing,
c.GZIP,
Expand Down

0 comments on commit ee29d1a

Please sign in to comment.