only allow metrics endpoint from localhost and wireguard and prometheus metrics neat to have the prometheus user agent as a extra

2026-04-07 02:34:19 +02:00
parent dfa658e4ce
commit 898f8106ed
2 changed files with 5 additions and 4 deletions
@@ -1,4 +1,4 @@
-from quart_common.web.decorators import restrict_ip_addresses
+from quart_common.web.decorators import restrict_ip_addresses, require_user_agent
 from quart import Blueprint, jsonify
 from typing import TYPE_CHECKING
@@ -10,7 +10,7 @@ def create_metrics_blueprint(server:'Server') -> Blueprint:
  blueprint = Blueprint('metrics', __name__)
  @blueprint.get('/metrics')
-  @restrict_ip_addresses(allow=['192.168.188.0/24', '192.168.200.0/24'], abort_code=404)
+  @restrict_ip_addresses(allow=['127.0.0.1', '192.168.200.0/24'], abort_code=404)
  async def metrics():
    snapshot = await server.metrics_collector.build_snapshot(
      server.game_runtime.game_last_seen_unix,
@@ -19,7 +19,8 @@ def create_metrics_blueprint(server:'Server') -> Blueprint:
    return jsonify(snapshot)
  @blueprint.get('/metrics/prometheus')
-  @restrict_ip_addresses(allow=['192.168.188.0/24', '192.168.200.0/24'], abort_code=404)
+  @restrict_ip_addresses(allow=['127.0.0.1', '192.168.188.0/24', '192.168.200.0/24'], abort_code=404)
  @require_user_agent("prometheus", abort_code=404)
  async def metrics_prometheus():
    snapshot = await server.metrics_collector.build_snapshot(
      server.game_runtime.game_last_seen_unix,