Documentation
¶
Overview ¶
Package metrics defines Prometheus collectors and helpers for Authorizer observability (HTTP traffic, auth events, GraphQL, security signals, and database health).
Index ¶
- Constants
- Variables
- func GraphQLOperationPrometheusLabel(operationName string) string
- func Init()
- func RecordAuthEvent(event, status string)
- func RecordClientIDHeaderMissing()
- func RecordGraphQLError(operation string)
- func RecordGraphQLLimitRejection(limit string)
- func RecordSecurityEvent(event, reason string)
- func SkipHTTPRequestMetrics(path string) bool
Constants ¶
const ( EventLogin = "login" EventSignup = "signup" EventLogout = "logout" EventForgotPwd = "forgot_password" EventResetPwd = "reset_password" EventVerifyEmail = "verify_email" EventVerifyOTP = "verify_otp" EventMagicLink = "magic_link_login" EventAdminLogin = "admin_login" EventAdminLogout = "admin_logout" EventOAuthLogin = "oauth_login" EventOAuthCallback = "oauth_callback" EventTokenIssued = "token_issued" EventTokenRefresh = "token_refresh" EventTokenRevoke = "token_revoke" StatusSuccess = "success" StatusFailure = "failure" )
Auth event names used as label values for AuthEventsTotal.
const ( GraphQLLimitDepth = "depth" GraphQLLimitComplexity = "complexity" GraphQLLimitAlias = "alias" GraphQLLimitBodySize = "body_size" )
GraphQL query-limit kind labels (low-cardinality, package-internal).
Variables ¶
var ( // HTTPRequestsTotal is the total number of HTTP requests received. HTTPRequestsTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "authorizer_http_requests_total", Help: "Total number of HTTP requests", }, []string{"method", "path", "status"}, ) // HTTPRequestDuration tracks the duration of HTTP requests in seconds. HTTPRequestDuration = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "authorizer_http_request_duration_seconds", Help: "HTTP request duration in seconds", Buckets: prometheus.DefBuckets, }, []string{"method", "path"}, ) // AuthEventsTotal is the total number of authentication events. AuthEventsTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "authorizer_auth_events_total", Help: "Total number of authentication events", }, []string{"event", "status"}, ) // ActiveSessions is the current number of active sessions. ActiveSessions = prometheus.NewGauge( prometheus.GaugeOpts{ Name: "authorizer_active_sessions", Help: "Number of active sessions", }, ) // SecurityEventsTotal tracks security-sensitive events for alerting. SecurityEventsTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "authorizer_security_events_total", Help: "Total number of security-relevant events (failed logins, invalid tokens, etc.)", }, []string{"event", "reason"}, ) // GraphQLErrorsTotal tracks GraphQL responses that contain errors (HTTP 200 but with errors). GraphQLErrorsTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "authorizer_graphql_errors_total", Help: "Total number of GraphQL responses containing errors (operation label is bounded: anonymous or op_<hash>)", }, []string{"operation"}, ) // GraphQLLimitRejectionsTotal tracks GraphQL operations rejected because // they exceeded one of the configured query limits (depth, complexity, // alias count, body size). Use this to spot abuse patterns or to tune // the limits — a sustained non-zero rate on the legitimate operation // surface usually means the limit is too tight. GraphQLLimitRejectionsTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "authorizer_graphql_limit_rejections_total", Help: "GraphQL operations rejected for exceeding a configured query limit. limit label is one of: depth, complexity, alias, body_size", }, []string{"limit"}, ) // GraphQLRequestDuration tracks GraphQL operation latency. GraphQLRequestDuration = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "authorizer_graphql_request_duration_seconds", Help: "GraphQL operation duration in seconds (operation label is bounded: anonymous or op_<hash>)", Buckets: prometheus.DefBuckets, }, []string{"operation"}, ) // DBHealthCheckTotal tracks database health check outcomes. DBHealthCheckTotal = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "authorizer_db_health_check_total", Help: "Total number of database health checks by result", }, []string{"status"}, ) // ClientIDHeaderMissingTotal counts allowed requests with no X-Authorizer-Client-ID header. ClientIDHeaderMissingTotal = prometheus.NewCounter( prometheus.CounterOpts{ Name: "authorizer_client_id_header_missing_total", Help: "Total requests that omitted X-Authorizer-Client-ID (allowed for some routes)", }, ) )
Functions ¶
func GraphQLOperationPrometheusLabel ¶
GraphQLOperationPrometheusLabel maps an operation name to a bounded-cardinality value suitable for Prometheus labels (never use raw client-supplied names as labels).
func Init ¶
func Init()
Init registers all metrics with the default prometheus registry. It is safe to call multiple times; registration happens only once.
func RecordAuthEvent ¶
func RecordAuthEvent(event, status string)
RecordAuthEvent records an authentication event with given status. event and status must be low-cardinality values (package constants); do not pass user input.
func RecordClientIDHeaderMissing ¶
func RecordClientIDHeaderMissing()
RecordClientIDHeaderMissing records a request that had no client ID header.
func RecordGraphQLError ¶
func RecordGraphQLError(operation string)
RecordGraphQLError records a GraphQL error for the given operation name.
func RecordGraphQLLimitRejection ¶
func RecordGraphQLLimitRejection(limit string)
RecordGraphQLLimitRejection records a GraphQL operation rejected for exceeding one of the configured query limits. limit must be one of the GraphQLLimit* constants above.
func RecordSecurityEvent ¶
func RecordSecurityEvent(event, reason string)
RecordSecurityEvent records a security-relevant event for alerting. event and reason must be low-cardinality values; do not pass user-controlled strings.
func SkipHTTPRequestMetrics ¶
SkipHTTPRequestMetrics reports whether a request path should be omitted from HTTP request counters and histograms (UI routes, static assets, favicons, images, fonts).
Types ¶
This section is empty.
Source Files