Skip to content

Commit 1adf207

Browse files
radon-at-beeperradon-at-beeper
committed
Allow authenticating with bearer token
1 parent 673cb7f commit 1adf207

File tree

2 files changed

+25
-6
lines changed

2 files changed

+25
-6
lines changed

README.md

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -19,10 +19,10 @@ Main features:
1919

2020
### Configuration
2121

22-
Whether running manually or via the Docker image, the configuration is set
22+
Whether running manually or via the Docker image, the configuration is set
2323
via environment variables. When running manually, copy `.env.default`
24-
into `.env`, set the values and they will be loaded automatically.
25-
When using the Docker image, set the environment variables when running
24+
into `.env`, set the values and they will be loaded automatically.
25+
When using the Docker image, set the environment variables when running
2626
the container.
2727

2828
### Docker
@@ -37,11 +37,19 @@ You will need to configure a webhook receiver in Alertmanager. It should looks s
3737
receivers:
3838
- name: 'myreceiver'
3939
webhook_configs:
40-
- url: 'https://my-matrix-alertmanager.tld/alerts?secret=veryverysecretkeyhere'
40+
- url: 'https://my-matrix-alertmanager.tld/alerts'
41+
http_config:
42+
authorization:
43+
credentials: 'veryverysecretkeyhere'
4144
```
4245
4346
The secret key obviously should match the one in the alertmanager configuration.
4447
48+
The configuration above will pass the secret as an Authorization
49+
header bearer token, alternatively you can pass it as a query
50+
parameter `secret`, but if you do it that way then it is not redacted
51+
from the Alertmanager web UI so this is not really recommended.
52+
4553
### Prometheus rules
4654

4755
Add some styling to your prometheus rules

src/routes.js

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,22 @@ const routes = {
66
res.send('Hey 👋')
77
},
88
postAlerts: async (req, res) => {
9-
const secret = req.query.secret
10-
if (secret !== process.env.APP_ALERTMANAGER_SECRET) {
9+
let authorized = false;
10+
let expectedSecret = process.env.APP_ALERTMANAGER_SECRET;
11+
12+
if (req.query.secret === expectedSecret) {
13+
authorized = true;
14+
}
15+
16+
if (req.get('authorization') === `Bearer ${expectedSecret}`) {
17+
authorized = true;
18+
}
19+
20+
if (!authorized) {
1121
res.status(403).end()
1222
return
1323
}
24+
1425
const alerts = utils.parseAlerts(req.body)
1526

1627
if (!alerts) {

0 commit comments

Comments
 (0)