fix(hydra): instrument metrics also on public endpoints

GitOrigin-RevId: 84ae1df26bd3d9a025655e50792ea7312f250cca

Author: zepatrik

client/handler_test.go

@@ -141,7 +141,7 @@ func TestHandler(t *testing.T) {
 			router := x.NewRouterAdmin(metrics)
 			h.SetAdminRoutes(router)
 			router.Handler("GET", prometheusx.MetricsPrometheusPath, promhttp.Handler())
-			n.UseHandler(router.Mux)
+			n.UseHandler(router)
 
 			adminTs = httptest.NewServer(n)
 			t.Cleanup(adminTs.Close)
@@ -152,9 +152,9 @@ func TestHandler(t *testing.T) {
 			n.UseFunc(httprouterx.TrimTrailingSlashNegroni)
 			n.UseFunc(httprouterx.NoCacheNegroni)
 
-			router := x.NewRouterPublic()
+			router := x.NewRouterPublic(metrics)
 			h.SetPublicRoutes(router)
-			n.UseHandler(router.Mux)
+			n.UseHandler(router)
 
 			publicTs = httptest.NewServer(n)
 			t.Cleanup(publicTs.Close)

client/sdk_test.go

@@ -70,17 +70,17 @@ func TestClientSDK(t *testing.T) {
 
 	metrics := prometheusx.NewMetricsManagerWithPrefix("hydra", prometheusx.HTTPMetrics, config.Version, config.Commit, config.Date)
 	routerAdmin := x.NewRouterAdmin(metrics)
-	routerPublic := x.NewRouterPublic()
+	routerPublic := x.NewRouterPublic(metrics)
 	clHandler := client.NewHandler(r)
 	clHandler.SetPublicRoutes(routerPublic)
 	clHandler.SetAdminRoutes(routerAdmin)
 	o2Handler := oauth2.NewHandler(r)
 	o2Handler.SetPublicRoutes(routerPublic, func(h http.Handler) http.Handler { return h })
 	o2Handler.SetAdminRoutes(routerAdmin)
 
-	server := httptest.NewServer(routerAdmin.Mux)
+	server := httptest.NewServer(routerAdmin)
 	t.Cleanup(server.Close)
-	publicServer := httptest.NewServer(routerPublic.Mux)
+	publicServer := httptest.NewServer(routerPublic)
 	t.Cleanup(publicServer.Close)
 	r.Config().MustSet(ctx, config.KeyAdminURL, server.URL)
 	r.Config().MustSet(ctx, config.KeyOAuth2TokenURL, publicServer.URL+"/oauth2/token")

cmd/cmd_perform_authorization_code.go

@@ -30,7 +30,6 @@ import (
 	"github.com/ory/hydra/v2/cmd/cliclient"
 	"github.com/ory/x/cmdx"
 	"github.com/ory/x/flagx"
-	"github.com/ory/x/httprouterx"
 	"github.com/ory/x/pointerx"
 	"github.com/ory/x/randx"
 	"github.com/ory/x/tlsx"
@@ -237,7 +236,7 @@ and success, unless if the --no-shutdown flag is provided.`,
 			}
 			authCodeURL, state := generateAuthCodeURL()
 
-			r := httprouterx.NewRouterPublic()
+			r := http.NewServeMux()
 			var tlsc *tls.Config
 			if isSSL {
 				key, err := rsa.GenerateKey(rand.Reader, 2048)
@@ -254,23 +253,23 @@ and success, unless if the --no-shutdown flag is provided.`,
 
 			server := graceful.WithDefaults(&http.Server{
 				Addr:    fmt.Sprintf(":%d", port),
-				Handler: r.Mux, TLSConfig: tlsc,
+				Handler: r, TLSConfig: tlsc,
 				ReadHeaderTimeout: time.Second * 5,
 			})
-			var shutdown = func() {
+			shutdown := func() {
 				time.Sleep(time.Second * 1)
 				ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
 				defer cancel()
 				_ = server.Shutdown(ctx)
 			}
 
-			r.GET("/", func(w http.ResponseWriter, r *http.Request) {
+			r.Handle("GET /", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 				_ = tokenUserWelcome.Execute(w, &struct{ URL string }{URL: authCodeURL})
-			})
+			}))
 
-			r.GET("/perform-flow", func(w http.ResponseWriter, r *http.Request) {
+			r.Handle("GET /perform-flow", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 				http.Redirect(w, r, authCodeURL, http.StatusFound)
-			})
+			}))
 
 			rt := router{
 				cl:    client,
@@ -290,12 +289,12 @@ and success, unless if the --no-shutdown flag is provided.`,
 				noShutdown:     noShutdown,
 			}
 
-			r.GET("/login", rt.loginGET)
-			r.POST("/login", rt.loginPOST)
-			r.GET("/consent", rt.consentGET)
-			r.POST("/consent", rt.consentPOST)
-			r.GET("/callback", rt.callback)
-			r.POST("/callback", rt.callbackPOSTForm)
+			r.Handle("GET /login", http.HandlerFunc(rt.loginGET))
+			r.Handle("POST /login", http.HandlerFunc(rt.loginPOST))
+			r.Handle("GET /consent", http.HandlerFunc(rt.consentGET))
+			r.Handle("POST /consent", http.HandlerFunc(rt.consentPOST))
+			r.Handle("GET /callback", http.HandlerFunc(rt.callback))
+			r.Handle("POST /callback", http.HandlerFunc(rt.callbackPOSTForm))
 
 			if !flagx.MustGetBool(cmd, "no-open") {
 				_ = webbrowser.Open(serverLocation) // ignore errors

cmd/server/handler.go

@@ -135,7 +135,6 @@ func adminServer(ctx context.Context, d *driver.RegistrySQL, metricsService *met
 	n.UseFunc(httprouterx.AddAdminPrefixIfNotPresentNegroni)
 	n.UseFunc(semconv.Middleware)
 	n.Use(logger)
-	n.Use(prometheusManager)
 
 	if cfg.TLS.Enabled && !networkx.AddressIsUnixSocket(cfg.Host) {
 		mw, err := tlsx.EnforceTLSRequests(d, cfg.TLS.AllowTerminationFrom)
@@ -158,10 +157,10 @@ func adminServer(ctx context.Context, d *driver.RegistrySQL, metricsService *met
 	})
 	n.Use(metricsService)
 
-	router := httprouterx.NewRouterAdmin(prometheusManager)
+	router := httprouterx.NewRouterAdminWithPrefix(prometheusManager)
 	d.RegisterAdminRoutes(router)
 
-	n.UseHandler(router.Mux)
+	n.UseHandler(router)
 
 	return func() error {
 		return serve(ctx, d, cfg, n, "admin")
@@ -185,7 +184,6 @@ func publicServer(ctx context.Context, d *driver.RegistrySQL, metricsService *me
 	n.UseFunc(httprouterx.NoCacheNegroni)
 	n.UseFunc(semconv.Middleware)
 	n.Use(logger)
-	n.Use(prometheusManager)
 	if cfg.TLS.Enabled && !networkx.AddressIsUnixSocket(cfg.Host) {
 		mw, err := tlsx.EnforceTLSRequests(d, cfg.TLS.AllowTerminationFrom)
 		if err != nil {
@@ -207,10 +205,10 @@ func publicServer(ctx context.Context, d *driver.RegistrySQL, metricsService *me
 	})
 	n.Use(metricsService)
 
-	router := x.NewRouterPublic()
+	router := x.NewRouterPublic(metricsService)
 	d.RegisterPublicRoutes(ctx, router)
 
-	n.UseHandler(router.Mux)
+	n.UseHandler(router)
 	return func() error {
 		return serve(ctx, d, cfg, n, "public")
 	}, nil

consent/handler_test.go

@@ -37,7 +37,7 @@ func TestGetLogoutRequest(t *testing.T) {
 	h := NewHandler(reg)
 	r := x.NewRouterAdmin(prometheusx.NewMetricsManagerWithPrefix("hydra", prometheusx.HTTPMetrics, config.Version, config.Commit, config.Date))
 	h.SetRoutes(r)
-	ts := httptest.NewServer(r.Mux)
+	ts := httptest.NewServer(r)
 	defer ts.Close()
 
 	cl := &client.Client{
@@ -103,7 +103,7 @@ func TestGetLoginRequest(t *testing.T) {
 	h := NewHandler(reg)
 	r := x.NewRouterAdmin(prometheusx.NewMetricsManagerWithPrefix("hydra", prometheusx.HTTPMetrics, config.Version, config.Commit, config.Date))
 	h.SetRoutes(r)
-	ts := httptest.NewServer(r.Mux)
+	ts := httptest.NewServer(r)
 	defer ts.Close()
 
 	cl := &client.Client{
@@ -169,7 +169,7 @@ func TestGetConsentRequest(t *testing.T) {
 	h := NewHandler(reg)
 	r := x.NewRouterAdmin(prometheusx.NewMetricsManagerWithPrefix("hydra", prometheusx.HTTPMetrics, config.Version, config.Commit, config.Date))
 	h.SetRoutes(r)
-	ts := httptest.NewServer(r.Mux)
+	ts := httptest.NewServer(r)
 	defer ts.Close()
 
 	cl := &client.Client{
@@ -249,7 +249,7 @@ func TestAcceptLoginRequestDouble(t *testing.T) {
 	h := NewHandler(reg)
 	r := x.NewRouterAdmin(prometheusx.NewMetricsManagerWithPrefix("hydra", prometheusx.HTTPMetrics, config.Version, config.Commit, config.Date))
 	h.SetRoutes(r)
-	ts := httptest.NewServer(r.Mux)
+	ts := httptest.NewServer(r)
 	defer ts.Close()
 
 	// marshal User to json
@@ -289,7 +289,7 @@ func TestAcceptCodeDeviceRequest(t *testing.T) {
 	h := NewHandler(reg)
 	r := x.NewRouterAdmin(prometheusx.NewMetricsManagerWithPrefix("hydra", prometheusx.HTTPMetrics, config.Version, config.Commit, config.Date))
 	h.SetRoutes(r)
-	ts := httptest.NewServer(r.Mux)
+	ts := httptest.NewServer(r)
 	t.Cleanup(ts.Close)
 
 	submitCode := func(t *testing.T, reqBody any, challenge string) *http.Response {

health/handler_test.go

@@ -9,6 +9,8 @@ import (
 	"net/http/httptest"
 	"testing"
 
+	"github.com/urfave/negroni"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
@@ -71,10 +73,10 @@ func TestPublicHealthHandler(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(configx.WithValues(tc.config)))
 
-			public := x.NewRouterPublic()
+			public := x.NewRouterPublic(negroni.HandlerFunc(func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) { next(w, r) }))
 			reg.RegisterPublicRoutes(ctx, public)
 
-			ts := httptest.NewServer(public.Mux)
+			ts := httptest.NewServer(public)
 
 			tc.verifyResponse(t, doCORSRequest(t, ts.URL+healthx.AliveCheckPath))
 			tc.verifyResponse(t, doCORSRequest(t, ts.URL+healthx.ReadyCheckPath))

internal/testhelpers/oauth2.go

@@ -84,7 +84,7 @@ func NewConfigurableOAuth2Server(ctx context.Context, t testing.TB, reg *driver.
 
 		router := x.NewRouterAdmin(metrics)
 		reg.RegisterAdminRoutes(router)
-		n.UseHandler(router.Mux)
+		n.UseHandler(router)
 
 		adminTS = httptest.NewServer(n)
 		t.Cleanup(adminTS.Close)
@@ -95,9 +95,9 @@ func NewConfigurableOAuth2Server(ctx context.Context, t testing.TB, reg *driver.
 		n.UseFunc(httprouterx.TrimTrailingSlashNegroni)
 		n.UseFunc(httprouterx.NoCacheNegroni)
 
-		router := x.NewRouterPublic()
+		router := x.NewRouterPublic(metrics)
 		reg.RegisterPublicRoutes(ctx, router)
-		n.UseHandler(router.Mux)
+		n.UseHandler(router)
 
 		publicTS = httptest.NewServer(n)
 		t.Cleanup(publicTS.Close)

jwk/handler.go

@@ -55,8 +55,8 @@ func NewHandler(r InternalRegistry) *Handler {
 }
 
 func (h *Handler) SetPublicRoutes(r *httprouterx.RouterPublic, corsMiddleware func(http.Handler) http.Handler) {
-	r.Handle("OPTIONS", WellKnownKeysPath, corsMiddleware(http.HandlerFunc(h.handleOptions)))
-	r.Handle("GET", WellKnownKeysPath, corsMiddleware(http.HandlerFunc(h.discoverJsonWebKeys)))
+	r.Handler("OPTIONS", WellKnownKeysPath, corsMiddleware(http.HandlerFunc(h.handleOptions)))
+	r.Handler("GET", WellKnownKeysPath, corsMiddleware(http.HandlerFunc(h.discoverJsonWebKeys)))
 }
 
 func (h *Handler) SetAdminRoutes(r *httprouterx.RouterAdmin) {

jwk/handler_test.go

@@ -10,6 +10,8 @@ import (
 	"net/http/httptest"
 	"testing"
 
+	"github.com/urfave/negroni"
+
 	"github.com/ory/hydra/v2/driver"
 
 	"github.com/go-jose/go-jose/v3"
@@ -28,12 +30,12 @@ func TestHandlerWellKnown(t *testing.T) {
 	t.Parallel()
 
 	reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(configx.WithValue(config.KeyWellKnownKeys, []string{x.OpenIDConnectKeyName, x.OpenIDConnectKeyName})))
-	router := x.NewRouterPublic()
+	router := x.NewRouterPublic(negroni.HandlerFunc(func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) { next(w, r) }))
 	h := jwk.NewHandler(reg)
 	h.SetPublicRoutes(router, func(h http.Handler) http.Handler {
 		return h
 	})
-	testServer := httptest.NewServer(router.Mux)
+	testServer := httptest.NewServer(router)
 	JWKPath := "/.well-known/jwks.json"
 
 	t.Run("Test_Handler_WellKnown/Run_public_key_With_public_prefix", func(t *testing.T) {

jwk/sdk_test.go

@@ -29,7 +29,7 @@ func TestJWKSDK(t *testing.T) {
 	router := x.NewRouterAdmin(metrics)
 	h := NewHandler(reg)
 	h.SetAdminRoutes(router)
-	server := httptest.NewServer(router.Mux)
+	server := httptest.NewServer(router)
 	reg.Config().MustSet(ctx, config.KeyAdminURL, server.URL)
 
 	sdk := hydra.NewAPIClient(hydra.NewConfiguration())