70585358b8
All checks were successful
Test and Publish Templates / test-and-publish (push) Successful in 44s
43 lines
1.2 KiB
Ruby
43 lines
1.2 KiB
Ruby
# Ruby script for Logstash to validate API keys
|
|
# This is a simplified validation - in production, use proper authentication
|
|
|
|
require 'yaml'
|
|
|
|
def register(params)
|
|
@api_keys_file = params["api_keys_file"]
|
|
end
|
|
|
|
def filter(event)
|
|
# Get the API key from the event
|
|
api_key = event.get("[api_key]") || event.get("[@metadata][api_key]")
|
|
|
|
# If no API key, pass through (for backwards compatibility)
|
|
# In production, you should reject events without valid keys
|
|
if api_key.nil? || api_key.empty?
|
|
# For now, allow events without API keys
|
|
# event.cancel # Uncomment to require API keys
|
|
return [event]
|
|
end
|
|
|
|
# Load API keys from file
|
|
begin
|
|
if File.exist?(@api_keys_file)
|
|
config = YAML.load_file(@api_keys_file)
|
|
valid_keys = config['api_keys'].values if config && config['api_keys']
|
|
|
|
# Check if the provided key is valid
|
|
if valid_keys && valid_keys.include?(api_key)
|
|
# Valid key - let the event through
|
|
event.set("[@metadata][authenticated]", true)
|
|
else
|
|
# Invalid key - drop the event
|
|
event.cancel
|
|
end
|
|
end
|
|
rescue => e
|
|
# Log error but don't crash
|
|
event.set("[@metadata][auth_error]", e.message)
|
|
end
|
|
|
|
return [event]
|
|
end |