Fixes #342

oharsta · oharsta · commit 5314da25d7d9 · 2025-08-18T15:44:39.000+02:00
diff --git a/client/src/styles/vars.scss b/client/src/styles/vars.scss
@@ -2,4 +2,3 @@ $background: #eaebf0;
 $br: 6px;
 // Screen
 $medium: 824px;
-$tablet-max: 824px;
diff --git a/client/src/tabs/Tokens.scss b/client/src/tabs/Tokens.scss
@@ -64,7 +64,7 @@ div.mod-tokens {
         width: 100%;
         margin: 40px auto 25px auto;
 
-        @media (max-width: $tablet-max) {
+        @media (max-width: $medium) {
             flex-direction: column;
         }
 
@@ -86,7 +86,7 @@ div.mod-tokens {
         div.new-token {
             width: 60%;
 
-            @media (max-width: $tablet-max) {
+            @media (max-width: $medium) {
                 padding: 15px;
                 width: 100%;
             }
diff --git a/server/pom.xml b/server/pom.xml
@@ -38,6 +38,11 @@
             <artifactId>spring-boot-configuration-processor</artifactId>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>io.micrometer</groupId>
+            <artifactId>micrometer-registry-prometheus</artifactId>
+            <version>1.15.1</version>
+        </dependency>
         <dependency>
             <groupId>ch.qos.logback.contrib</groupId>
             <artifactId>logback-json-classic</artifactId>
diff --git a/server/src/main/java/invite/InviteServerApplication.java b/server/src/main/java/invite/InviteServerApplication.java
@@ -4,10 +4,10 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
 @SpringBootApplication
-public class AccessServerApplication {
+public class InviteServerApplication {
 
     public static void main(String[] args) {
-        SpringApplication.run(AccessServerApplication.class, args);
+        SpringApplication.run(InviteServerApplication.class, args);
     }
 
 }
diff --git a/server/src/main/java/invite/api/MetricsController.java b/server/src/main/java/invite/api/MetricsController.java
@@ -0,0 +1,66 @@
+package invite.api;
+
+import invite.model.Authority;
+import invite.model.Status;
+import invite.repository.*;
+import io.micrometer.core.instrument.Gauge;
+import io.micrometer.core.instrument.MeterRegistry;
+import io.swagger.v3.oas.annotations.Hidden;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.stream.Stream;
+
+@RestController
+@Hidden
+public class MetricsController {
+
+    public MetricsController(UserRepository userRepository,
+                             RoleRepository roleRepository,
+                             InvitationRepository invitationRepository,
+                             UserRoleRepository userRoleRepository,
+                             ApplicationRepository applicationRepository,
+                             MeterRegistry meterRegistry) {
+
+        Gauge.builder("total_number_of_users", () ->
+                        userRepository.count())
+                .description("Total number of Users")
+                .register(meterRegistry);
+
+        Gauge.builder("total_number_of_access_roles", () ->
+                        roleRepository.count())
+                .description("Total number of Access Roles")
+                .register(meterRegistry);
+
+        Stream.of(Authority.values())
+                .filter(authority -> !authority.equals(Authority.SUPER_USER) && !authority.equals(Authority.INSTITUTION_ADMIN))
+                .forEach(authority -> Gauge
+                        .builder("total_number_of_" + authority.name().toLowerCase() + "_users",
+                                () -> userRoleRepository.countByAuthority(authority))
+                        .description("Total number of " + authority.name().toLowerCase() + "-users")
+                        .register(meterRegistry));
+
+        Gauge
+                .builder("total_number_of_institution_admins",
+                        () -> userRepository.countBySuperUserTrue())
+                .description("Total number of Institution Admins")
+                .register(meterRegistry);
+
+        Gauge
+                .builder("total_number_of_super_users",
+                        () -> userRepository.countBySuperUserTrue())
+                .description("Total number of Super users")
+                .register(meterRegistry);
+
+        Gauge.builder("total_number_of_applications",
+                        () -> applicationRepository.count())
+                .description("Total number of applications")
+                .register(meterRegistry);
+
+        Gauge.builder("total_number_of_pending_invitations",
+                        () -> invitationRepository.countByStatus(Status.OPEN))
+                .description("Total number of pending invitations")
+                .register(meterRegistry);
+
+    }
+
+}
diff --git a/server/src/main/java/invite/repository/InvitationRepository.java b/server/src/main/java/invite/repository/InvitationRepository.java
@@ -1,5 +1,6 @@
 package invite.repository;
 
+import invite.model.Authority;
 import invite.model.Invitation;
 import invite.model.Role;
 import invite.model.Status;
@@ -29,6 +30,8 @@ public interface InvitationRepository extends JpaRepository<Invitation, Long>, Q
 
     List<Invitation> findByStatusAndRoles_role(Status status, Role role);
 
+    long countByStatus(Status status);
+
     @Query(value = """
             SELECT i.id, i.email, i.remote_api_user, i.intended_authority, i.created_at, i.expiry_date,
             u.id as user_id, u.name, u.email as inviter_email
diff --git a/server/src/main/java/invite/repository/UserRepository.java b/server/src/main/java/invite/repository/UserRepository.java
@@ -23,6 +23,10 @@ public interface UserRepository extends JpaRepository<User, Long>, QueryRewriter
 
     List<User> findBySuperUserTrue();
 
+    long countBySuperUserTrue();
+
+    long countByInstitutionAdminTrue();
+
     Optional<User> findByEduPersonPrincipalNameIgnoreCase(String eppn);
 
     Optional<User> findByEmailIgnoreCase(String email);
diff --git a/server/src/main/java/invite/repository/UserRoleRepository.java b/server/src/main/java/invite/repository/UserRoleRepository.java
@@ -31,6 +31,8 @@ public interface UserRoleRepository extends JpaRepository<UserRole, Long>, Query
 
     List<UserRole> findByRoleName(String roleName);
 
+    long countByAuthority(Authority authority);
+
     @Modifying
     @Query(value = "DELETE FROM user_roles WHERE id = ?1", nativeQuery = true)
     @Transactional(isolation = Isolation.SERIALIZABLE)
diff --git a/server/src/main/java/invite/security/Scope.java b/server/src/main/java/invite/security/Scope.java
@@ -1,5 +1,5 @@
 package invite.security;
 
 public enum Scope {
-    voot, teams, attribute_aggregation, lifecycle, profile, sp_dashboard, access
+    voot, teams, attribute_aggregation, lifecycle, profile, sp_dashboard, access, actuator
 }
diff --git a/server/src/main/java/invite/security/SecurityConfig.java b/server/src/main/java/invite/security/SecurityConfig.java
@@ -144,7 +144,8 @@ SecurityFilterChain sessionSecurityFilterChain(HttpSecurity http,
                                 "/api/v1/users/ms-accept-return/**",
                                 "/api/v1/validations/**",
                                 "/ui/**",
-                                "/internal/**")
+                                "/internal/health",
+                                "/internal/info")
                         .permitAll()
                         .anyRequest()
                         .authenticated()
@@ -201,10 +202,12 @@ SecurityFilterChain basicAuthenticationSecurityFilterChain(HttpSecurity http) th
                         "/api/deprovision/**",
                         "/api/external/v1/deprovision/**",
                         "/api/internal/invite/**",
-                        "/api/external/v1/internal/invite/**"
+                        "/api/external/v1/internal/invite/**",
+                        "/internal/prometheus"
                 ).sessionManagement(c -> c
                         .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                )
+                ).authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/internal/prometheus").hasRole("ACTUATOR"))
                 .authorizeHttpRequests(c -> c
                         //The API token is secured in the UserHandlerMethodArgumentResolver
                         .requestMatchers(apiTokenRequestMatcher)
diff --git a/server/src/main/resources/application.yml b/server/src/main/resources/application.yml
@@ -146,6 +146,10 @@ external-api-configuration:
       password: "secret"
       scopes:
         - lifecycle
+    - username: internal
+      password: "secret"
+      scopes:
+        - actuator
     - username: profile
       password: "secret"
       scopes:
@@ -218,24 +222,23 @@ springdoc:
       use-basic-authentication-with-access-code-grant: true
 
 management:
-  health:
-    mail:
-      enabled: false
   endpoints:
     web:
       exposure:
-        include: "health,info,mappings,metrics"
+        include: "health,info,prometheus"
       base-path: "/internal"
   endpoint:
     info:
-      enabled: true
+      access: unrestricted
     health:
-      enabled: true
-      show-details: always
+      access: unrestricted
+      show-details: when_authorized
+    prometheus:
+      access: unrestricted
     mappings:
-      enabled: true
+      access: none
     metrics:
-      enabled: false
+      access: unrestricted
   info:
     git:
       mode: full
diff --git a/server/src/test/java/invite/AccessApplicationTest.java b/server/src/test/java/invite/AccessApplicationTest.java
@@ -13,7 +13,7 @@ class AccessApplicationTest {
 
     @Test
     void mainApp() {
-        ConfigurableApplicationContext applicationContext = SpringApplication.run(AccessServerApplication.class, new String[]{"--server.port=8098"});
+        ConfigurableApplicationContext applicationContext = SpringApplication.run(InviteServerApplication.class, new String[]{"--server.port=8098"});
         RestAssured.port = 8098;
 
         given()
diff --git a/server/src/test/java/invite/api/MetricsControllerTest.java b/server/src/test/java/invite/api/MetricsControllerTest.java
@@ -0,0 +1,50 @@
+package invite.api;
+
+import invite.InviteServerApplication;
+import invite.model.Authority;
+import io.restassured.RestAssured;
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.SpringApplication;
+import org.springframework.context.ConfigurableApplicationContext;
+import wiremock.org.apache.commons.io.IOUtils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.Charset;
+import java.util.List;
+import java.util.stream.Stream;
+
+import static io.restassured.RestAssured.given;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class MetricsControllerTest {
+
+    @Test
+    void prometheus() throws IOException {
+        ConfigurableApplicationContext applicationContext = SpringApplication.run(InviteServerApplication.class, "--server.port=8098");
+        RestAssured.port = 8098;
+
+        InputStream inputStream = given()
+                .when()
+                .auth().preemptive().basic("internal", "secret")
+                .get("/internal/prometheus")
+                .asInputStream();
+        String metrics = IOUtils.toString(inputStream, Charset.defaultCharset());
+        SpringApplication.exit(applicationContext);
+
+        List.of(
+                        "total_number_of_pending_invitations",
+                        "total_number_of_applications",
+                        "total_number_of_super_users",
+                        "total_number_of_institution_admins",
+                        "total_number_of_access_roles",
+                        "total_number_of_users",
+                        "")
+                .forEach(s -> assertTrue(metrics.contains(s)));
+
+        Stream.of(Authority.values())
+                .filter(authority -> !authority.equals(Authority.SUPER_USER) && !authority.equals(Authority.INSTITUTION_ADMIN))
+                .forEach(authority -> assertTrue(metrics.contains("total_number_of_" + authority.name().toLowerCase() + "_users")));
+    }
+
+}
diff --git a/welcome/src/styles/vars.scss b/welcome/src/styles/vars.scss
@@ -2,4 +2,4 @@ $background: #eaebf0;
 $br: 6px;
 // Screen
 $medium: 824px;
-$tablet-max: 824px;
+

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ div.mod-tokens {`
`64`	`64`	`width: 100%;`
`65`	`65`	`margin: 40px auto 25px auto;`
`66`	`66`
`67`		`- @media (max-width: $tablet-max) {`
	`67`	`+ @media (max-width: $medium) {`
`68`	`68`	`flex-direction: column;`
`69`	`69`	`}`
`70`	`70`
`@@ -86,7 +86,7 @@ div.mod-tokens {`
`86`	`86`	`div.new-token {`
`87`	`87`	`width: 60%;`
`88`	`88`
`89`		`- @media (max-width: $tablet-max) {`
	`89`	`+ @media (max-width: $medium) {`
`90`	`90`	`padding: 15px;`
`91`	`91`	`width: 100%;`
`92`	`92`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,10 +4,10 @@`
`4`	`4`	`import org.springframework.boot.autoconfigure.SpringBootApplication;`
`5`	`5`
`6`	`6`	`@SpringBootApplication`
`7`		`-public class AccessServerApplication {`
	`7`	`+public class InviteServerApplication {`
`8`	`8`
`9`	`9`	`public static void main(String[] args) {`
`10`		`- SpringApplication.run(AccessServerApplication.class, args);`
	`10`	`+ SpringApplication.run(InviteServerApplication.class, args);`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`package invite.security;`
`2`	`2`
`3`	`3`	`public enum Scope {`
`4`		`- voot, teams, attribute_aggregation, lifecycle, profile, sp_dashboard, access`
	`4`	`+ voot, teams, attribute_aggregation, lifecycle, profile, sp_dashboard, access, actuator`
`5`	`5`	`}`