From 898f8106ed7559b9015b92460ed5a00581e1518d Mon Sep 17 00:00:00 2001 From: Daniel Dolezal Date: Tue, 7 Apr 2026 02:34:19 +0200 Subject: [PATCH] only allow metrics endpoint from localhost and wireguard and prometheus metrics neat to have the prometheus user agent as a extra --- quart_common | 2 +- server/blueprints/metrics.py | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/quart_common b/quart_common index b2f4859..235ba7b 160000 --- a/quart_common +++ b/quart_common @@ -1 +1 @@ -Subproject commit b2f485908b362311190a913b22ab4aebdae928c2 +Subproject commit 235ba7b8e989203f2530d062b248f1cf9553e6f5 diff --git a/server/blueprints/metrics.py b/server/blueprints/metrics.py index 977f7dd..6d00066 100644 --- a/server/blueprints/metrics.py +++ b/server/blueprints/metrics.py @@ -1,4 +1,4 @@ -from quart_common.web.decorators import restrict_ip_addresses +from quart_common.web.decorators import restrict_ip_addresses, require_user_agent from quart import Blueprint, jsonify from typing import TYPE_CHECKING @@ -10,7 +10,7 @@ def create_metrics_blueprint(server:'Server') -> Blueprint: blueprint = Blueprint('metrics', __name__) @blueprint.get('/metrics') - @restrict_ip_addresses(allow=['192.168.188.0/24', '192.168.200.0/24'], abort_code=404) + @restrict_ip_addresses(allow=['127.0.0.1', '192.168.200.0/24'], abort_code=404) async def metrics(): snapshot = await server.metrics_collector.build_snapshot( server.game_runtime.game_last_seen_unix, @@ -19,7 +19,8 @@ def create_metrics_blueprint(server:'Server') -> Blueprint: return jsonify(snapshot) @blueprint.get('/metrics/prometheus') - @restrict_ip_addresses(allow=['192.168.188.0/24', '192.168.200.0/24'], abort_code=404) + @restrict_ip_addresses(allow=['127.0.0.1', '192.168.188.0/24', '192.168.200.0/24'], abort_code=404) + @require_user_agent("prometheus", abort_code=404) async def metrics_prometheus(): snapshot = await server.metrics_collector.build_snapshot( server.game_runtime.game_last_seen_unix,