# Ruby script for Logstash to validate API keys # This is a simplified validation - in production, use proper authentication require 'yaml' def register(params) @api_keys_file = params["api_keys_file"] end def filter(event) # Get the API key from the event api_key = event.get("[api_key]") || event.get("[@metadata][api_key]") # If no API key, pass through (for backwards compatibility) # In production, you should reject events without valid keys if api_key.nil? || api_key.empty? # For now, allow events without API keys # event.cancel # Uncomment to require API keys return [event] end # Load API keys from file begin if File.exist?(@api_keys_file) config = YAML.load_file(@api_keys_file) valid_keys = config['api_keys'].values if config && config['api_keys'] # Check if the provided key is valid if valid_keys && valid_keys.include?(api_key) # Valid key - let the event through event.set("[@metadata][authenticated]", true) else # Invalid key - drop the event event.cancel end end rescue => e # Log error but don't crash event.set("[@metadata][auth_error]", e.message) end return [event] end