From 937d5d916c4bb0d3331d35edc5cd51acff92eb2c Mon Sep 17 00:00:00 2001
From: Guillaume Rousse <guillaume.rousse@renater.fr>
Date: Wed, 11 Mar 2020 11:13:18 +0100
Subject: [PATCH] add monitoring-dedicated status page

---
 conf/manager.conf.in      |  4 ++++
 lib/AccountManager/App.pm | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/conf/manager.conf.in b/conf/manager.conf.in
index ac852a0..f467ec4 100644
--- a/conf/manager.conf.in
+++ b/conf/manager.conf.in
@@ -11,6 +11,10 @@ templates_dir = @templatesdir@
 templates_theme = edugain
 accounts_file = /var/lib/access-check/accounts.php
 
+[status]
+allow = 127.0.0.1, ::1, 10.45.0.0/16
+disabled = 0
+
 [federations]
 # list of all federations from which to fetch metadata
 edugain = https://mds.edugain.org/
diff --git a/lib/AccountManager/App.pm b/lib/AccountManager/App.pm
index 3a71b37..e7a30ee 100644
--- a/lib/AccountManager/App.pm
+++ b/lib/AccountManager/App.pm
@@ -8,6 +8,7 @@ use CGI::Simple::Cookie;
 use DateTime;
 use English qw(-no_match_vars);
 use Log::Any::Adapter;
+use List::Util qw(any);
 use List::MoreUtils qw(uniq);
 use Template;
 use Template::Constants qw(:chomp);
@@ -35,6 +36,7 @@ my %patterns = (
 
 my %actions = (
     home               => 'req_home',
+    status             => 'req_status',
     select_sp          => 'req_select_sp',
     select_email       => 'req_select_email',
     complete_challenge => 'req_complete_challenge',
@@ -703,6 +705,42 @@ sub req_home {
     );
 }
 
+sub req_status {
+    my ($self) = @_;
+
+    Net::IP->require();
+    my $source_ip_string = $ENV{HTTP_X_FORWARDED_FOR} ?
+        (split(/, /, $ENV{HTTP_X_FORWARDED_FOR}))[0] :
+        $ENV{REMOTE_ADDR};
+    my $source_ip = Net::IP->new($source_ip_string);
+    my @allowed_ips_strings = $self->{configuration}->{status}->{allow} ?
+        split(/, */, $self->{configuration}->{status}->{allow}) : ();
+    my @allowed_ips = map { Net::IP->new($_) } @allowed_ips_strings;
+
+    if (any { $_->overlaps($source_ip) } @allowed_ips) {
+        Sys::Hostname->require();
+        JSON->require();
+        print $self->{cgi}->header(
+            -type    => 'application/json',
+            -charset => 'utf8',
+        );
+        my $status =  $self->{configuration}->{status}->{disabled} ? 'disabled' : 'available';
+        print JSON->new()->encode({
+            status => $status,
+            host   => Sys::Hostname::hostname()
+        });
+    } else {
+        $self->{logger}->errorf("Unauthorized access from %s", $source_ip_string);
+        print $self->{cgi}->header(
+            -status  => '403 unauthorized',
+            -type    => 'text/plain',
+        );
+        print "Unauthorized access";
+    }
+
+    exit 0;
+}
+
 sub get_parameter {
     my ($self, %args) = @_;
 
-- 
GitLab