From e569995e4800b0f4beec3d3391d5ef009bba4103 Mon Sep 17 00:00:00 2001 From: YotaHamada Date: Wed, 12 Nov 2025 10:19:53 +0900 Subject: [PATCH] api: expose metrics without auth (#1410) --- internal/service/frontend/api/v2/api.go | 1 + .../service/frontend/api/v2/metrics_test.go | 24 +++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 internal/service/frontend/api/v2/metrics_test.go diff --git a/internal/service/frontend/api/v2/api.go b/internal/service/frontend/api/v2/api.go index a8ac1a80..2f1f7e60 100644 --- a/internal/service/frontend/api/v2/api.go +++ b/internal/service/frontend/api/v2/api.go @@ -145,6 +145,7 @@ func (a *API) ConfigureRoutes(ctx context.Context, r chi.Router, baseURL string) Creds: map[string]string{authConfig.Basic.Username: authConfig.Basic.Password}, PublicPaths: []string{ pathutil.BuildPublicEndpointPath(basePath, "api/v2/health"), + pathutil.BuildPublicEndpointPath(basePath, "api/v2/metrics"), }, } diff --git a/internal/service/frontend/api/v2/metrics_test.go b/internal/service/frontend/api/v2/metrics_test.go new file mode 100644 index 00000000..476cd7f4 --- /dev/null +++ b/internal/service/frontend/api/v2/metrics_test.go @@ -0,0 +1,24 @@ +package api_test + +import ( + "net/http" + "testing" + + "github.com/dagu-org/dagu/internal/common/config" + "github.com/dagu-org/dagu/internal/test" + "github.com/stretchr/testify/require" +) + +func TestMetrics_BypassesAuth(t *testing.T) { + server := test.SetupServer(t, test.WithConfigMutator(func(cfg *config.Config) { + cfg.Server.Auth.Basic.Username = "admin" + cfg.Server.Auth.Basic.Password = "secret" + })) + + resp := server.Client().Get("/api/v2/metrics").ExpectStatus(http.StatusOK).Send(t) + + require.Contains(t, resp.Response.Header().Get("Content-Type"), "text/plain") + require.NotEmpty(t, resp.Body) + + server.Client().Get("/api/v2/dag-runs").ExpectStatus(http.StatusUnauthorized).Send(t) +}