From 5a199b8842a6739b13ba2cfbb4561bae08546089 Mon Sep 17 00:00:00 2001
From: mat <github@matdoes.dev>
Date: Thu, 30 Dec 2021 18:36:08 -0600
Subject: metrics is only allowed from localhost

---
 src/index.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/index.ts b/src/index.ts
index d6a18f7..613d7c8 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -203,7 +203,8 @@ const apiKeyCounter = new Gauge({
 })
 
 app.get('/metrics', async (req, res) => {
-	console.log(req.params, req.headers)
+	if (!req.headers.host?.startsWith('0.0.0.0:'))
+		return res.status(403).send('Forbidden')
 	try {
 		res.set('Content-Type', register.contentType)
 		res.end(await register.metrics())
-- 
cgit