feat: crl support, metrics

2025-01-21 08:33:49 +01:00
parent f0332b21b2
commit 8844427927
9 changed files with 207 additions and 46 deletions
--- a/internal/metrics/metrics.go
+++ b/internal/metrics/metrics.go
@@ -0,0 +1,34 @@
+package metrics
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+const (
+	labelPath   = "path"
+	labelStatus = "status"
+)
+
+var (
+	totalRequests = prometheus.NewCounterVec(prometheus.CounterOpts{
+		Name: "http_requests_total",
+		Help: "Number of get requests.",
+	}, []string{labelPath})
+
+	responseStatus = prometheus.NewCounterVec(prometheus.CounterOpts{
+		Name: "response_status",
+		Help: "Status of HTTP response",
+	}, []string{labelPath, labelStatus})
+
+	httpDuration = prometheus.NewHistogramVec(prometheus.HistogramOpts{
+		Name:    "http_response_time_seconds",
+		Help:    "Duration of HTTP requests.",
+		Buckets: prometheus.DefBuckets,
+	}, []string{labelPath})
+)
+
+func init() {
+	prometheus.MustRegister(totalRequests)
+	prometheus.MustRegister(responseStatus)
+	prometheus.MustRegister(httpDuration)
+}
--- a/internal/metrics/middleware.go
+++ b/internal/metrics/middleware.go
@@ -0,0 +1,35 @@
+package metrics
+
+import (
+	"log"
+	"net/http"
+	"strconv"
+
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+func Middleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		path := r.URL.Path
+
+		timer := prometheus.NewTimer(httpDuration.With(prometheus.Labels{
+			labelPath: path,
+		}))
+		rw := newResponseWriter(w)
+		next.ServeHTTP(rw, r)
+		if rw.statusCode == 0 {
+			rw.WriteHeader(http.StatusOK)
+		}
+		statusCode := rw.statusCode
+
+		responseStatus.With(prometheus.Labels{
+			labelPath:   path,
+			labelStatus: strconv.Itoa(statusCode),
+		}).Inc()
+		totalRequests.With(prometheus.Labels{
+			labelPath: path,
+		}).Inc()
+
+		log.Printf("%s %s %s %d %s", r.RemoteAddr, r.Method, r.URL.Path, statusCode, timer.ObserveDuration())
+	})
+}
--- a/internal/metrics/response_writer.go
+++ b/internal/metrics/response_writer.go
@@ -0,0 +1,19 @@
+package metrics
+
+import "net/http"
+
+func newResponseWriter(w http.ResponseWriter) *responseWriter {
+	return &responseWriter{w, http.StatusOK}
+}
+
+func (rw *responseWriter) WriteHeader(code int) {
+	rw.statusCode = code
+	if code != http.StatusOK {
+		rw.ResponseWriter.WriteHeader(code)
+	}
+}
+
+type responseWriter struct {
+	http.ResponseWriter
+	statusCode int
+}
--- a/internal/ocsp_source/source.go
+++ b/internal/ocsp_source/source.go
@@ -4,11 +4,8 @@ import (
 	"crypto"
 	"crypto/tls"
 	"crypto/x509"
-	"encoding/pem"
-	"fmt"
 	"math/big"
 	"net/http"
-	"os"
 	"time"

 	"golang.org/x/crypto/ocsp"
@@ -29,21 +26,8 @@ func NewCrlSource(caCertificate *x509.Certificate, responderKeyPair tls.Certific
 	}
 }

-func (source *CrlSource) LoadCrlFromFile(path string) error {
-	crlContent, openCrlError := os.ReadFile(path)
-	if openCrlError != nil {
-		return openCrlError
-	}
-	block, rest := pem.Decode(crlContent)
-	if len(rest) > 0 {
-		return fmt.Errorf("failed to decode crl")
-	}
-	crl, parseCrlError := x509.ParseRevocationList(block.Bytes)
-	if parseCrlError != nil {
-		return parseCrlError
-	}
+func (source *CrlSource) UseCrl(crl *x509.RevocationList) {
 	source.crl = crl
-	return nil
 }

 func (source *CrlSource) Response(request *ocsp.Request) ([]byte, http.Header, error) {