diff --git a/src/metrics.c b/src/metrics.c index a9f74fac..5288b7e8 100644 --- a/src/metrics.c +++ b/src/metrics.c @@ -46,6 +46,100 @@ #include "metrics.h" #include +#define OM_CLASS_AUTH_TYPE "authtype" +#define OM_CLASS_AUTHN "authn" +#define OM_CLASS_SESSION "session" +#define OM_CLASS_CONTENT "content" +#define OM_CLASS_REDIRECT_URI "redirect_uri" + +const oidc_metrics_timing_info_t _oidc_metrics_timings_info[] = { + { OM_AUTHN_REQUEST, OM_CLASS_AUTHN, "request", + "authentication requests" }, + { OM_AUTHN_RESPONSE, OM_CLASS_AUTHN, "response", + "authentication responses" }, + { OM_SESSION_VALID, OM_CLASS_SESSION, "valid", + "successfully validated existing sessions" }, +}; + +const oidc_metrics_counter_info_t _oidc_metrics_counters_info[] = { + + { OM_AUTHTYPE_OPENID_CONNECT, OM_CLASS_AUTH_TYPE, "handler", "openid-connect", + "incoming requests" }, + { OM_AUTHTYPE_OAUTH20, OM_CLASS_AUTH_TYPE, "handler", "oauth20", + "incoming requests" }, + { OM_AUTHTYPE_AUTH_OPENIDC, OM_CLASS_AUTH_TYPE, "handler", "auth-openidc", + "incoming requests" }, + { OM_AUTHTYPE_DECLINED, OM_CLASS_AUTH_TYPE, "handler", "declined", + "incoming requests" }, + + { OM_SESSION_ERROR_COOKIE_DOMAIN, OM_CLASS_SESSION, "error", "cookie-domain", + "cookie domain validation errors for existing sessions" }, + { OM_SESSION_ERROR_EXPIRED, OM_CLASS_SESSION, "error", "expired", + "sessions that exceeded the maximum duration" }, + { OM_SESSION_ERROR_REFRESH_ACCESS_TOKEN, OM_CLASS_SESSION, "error", "refresh-access-token", + "errors refreshing the access token before expiry in existing sessions" }, + { OM_SESSION_ERROR_REFRESH_USERINFO, OM_CLASS_SESSION, "error", "refresh-user-info", + "errors refreshing claims from the userinfo endpoint in existing sessions" }, + { OM_SESSION_ERROR_GENERAL, OM_CLASS_SESSION, "error", "general", + "existing sessions that failed validation" }, + + { OM_AUTHN_REQUEST_ERROR_URL, OM_CLASS_AUTHN, "request.error", "url", + "errors matching the incoming request URL against the configuration" }, + + { OM_AUTHN_RESPONSE_ERROR_STATE_MISMATCH, OM_CLASS_AUTHN, "response.error", "state-mismatch", + "state mismatch errors in authentication responses" }, + { OM_AUTHN_RESPONSE_ERROR_STATE_EXPIRED, OM_CLASS_AUTHN, "response.error", "state-expired", + "state expired errors in authentication responses" }, + { OM_AUTHN_RESPONSE_ERROR_PROVIDER, OM_CLASS_AUTHN, "response.error", "provider", + "errors returned by the provider in authentication responses" }, + { OM_AUTHN_RESPONSE_ERROR_PROTOCOL, OM_CLASS_AUTHN, "response.error", "protocol", + "errors handling authentication responses" }, + { OM_AUTHN_RESPONSE_ERROR_REMOTE_USER, OM_CLASS_AUTHN, "response.error", "remote-user", + "errors identifying the remote user based on provided claims" }, + + { OM_REDIRECT_URI_AUTHN_RESPONSE_REDIRECT, OM_CLASS_REDIRECT_URI, "authn.response", "redirect", + "authentication responses received in a redirect", }, + { OM_REDIRECT_URI_AUTHN_RESPONSE_POST, OM_CLASS_REDIRECT_URI, "authn.response", "post", + "authentication responses received in a HTTP POST", }, + { OM_REDIRECT_URI_AUTHN_RESPONSE_IMPLICIT, OM_CLASS_REDIRECT_URI, "authn.response", "implicit", + "(presumed) implicit authentication responses to the redirect URI", }, + { OM_REDIRECT_URI_DISCOVERY_RESPONSE, OM_CLASS_REDIRECT_URI, "discovery", "response", + "discovery responses to the redirect URI", }, + { OM_REDIRECT_URI_REQUEST_LOGOUT, OM_CLASS_REDIRECT_URI, "request", "logout", + "logout requests to the redirect URI", }, + { OM_REDIRECT_URI_REQUEST_JWKS, OM_CLASS_REDIRECT_URI, "request", "jwks", + "JWKs retrieval requests to the redirect URI", }, + { OM_REDIRECT_URI_REQUEST_SESSION, OM_CLASS_REDIRECT_URI, "request", "session", + "session management requests to the redirect URI", }, + { OM_REDIRECT_URI_REQUEST_REFRESH, OM_CLASS_REDIRECT_URI, "request", "refresh", + "refresh access token requests to the redirect URI", }, + { OM_REDIRECT_URI_REQUEST_REQUEST_URI, OM_CLASS_REDIRECT_URI, "request", "request_uri", + "Request URI calls to the redirect URI", }, + { OM_REDIRECT_URI_REQUEST_REMOVE_AT_CACHE, OM_CLASS_REDIRECT_URI, "request", "remove_at_cache", + "access token cache removal requests to the redirect URI", }, + { OM_REDIRECT_URI_REQUEST_REVOKE_SESSION, OM_CLASS_REDIRECT_URI, "request", "session", + "revoke session requests to the redirect URI", }, + { OM_REDIRECT_URI_REQUEST_INFO, OM_CLASS_REDIRECT_URI, "request", "info", + "info hook requests to the redirect URI", }, + { OM_REDIRECT_URI_ERROR_PROVIDER, OM_CLASS_REDIRECT_URI, "error", "provider", + "provider authentication response errors received at the redirect URI", }, + { OM_REDIRECT_URI_ERROR_INVALID, OM_CLASS_REDIRECT_URI, "error", "invalid", + "invalid requests to the redirect URI", }, + + { OM_CONTENT_REQUEST_DECLINED, OM_CLASS_CONTENT, "request", "declined", + "requests declined by the content handler" }, + { OM_CONTENT_REQUEST_INFO, OM_CLASS_CONTENT, "request", "info", + "info hook requests to the content handler" }, + { OM_CONTENT_REQUEST_JWKS, OM_CLASS_CONTENT, "request", "jwks", + "JWKs requests to the content handler" }, + { OM_CONTENT_REQUEST_DISCOVERY, OM_CLASS_CONTENT, "request", "discovery", + "discovery requests to the content handler" }, + { OM_CONTENT_REQUEST_POST_PRESERVE, OM_CLASS_CONTENT, "request", "post-preserve", + "HTTP POST preservation requests to the content handler" }, + { OM_CONTENT_REQUEST_UNKNOWN, OM_CLASS_CONTENT, "request", "unknown", + "unknown requests to the content handler" }, +}; + // clang-format on typedef struct oidc_metrics_t { @@ -72,7 +166,7 @@ static oidc_cache_mutex_t *_oidc_metrics_process_mutex = NULL; #define OIDC_CACHE_METRICS_STORAGE_INTERVAL 5 // maximum length of the string representation of the global JSON metrics data in shared memory -// 1024 sample size (non-compact, long keys, large json_int values), timing + counter +// 1024 sample size (compact, long keys, large json_int values, no description), timing + counter // 256 number of individual metrics collected // 4 number of vhosts supported #define OIDC_CACHE_METRICS_JSON_MAX 1024 * 256 * 4 @@ -108,6 +202,8 @@ static oidc_metrics_bucket_t _oidc_metric_buckets[] = { #define OIDC_METRICS_SUM "sum" #define OIDC_METRICS_COUNT "count" +#define OIDC_METRICS_TYPE "type" + #define OIDC_METRICS_NAME "name" #define OIDC_METRICS_LABEL_NAME "lname" #define OIDC_METRICS_LABEL_VALUE "lvalue" @@ -118,20 +214,16 @@ static oidc_metrics_bucket_t _oidc_metric_buckets[] = { // single counter container typedef struct oidc_metrics_counter_t { - const char *metric_name; - const char *label_name; - const char *label_value; + oidc_metrics_counter_type_t type; json_int_t count; - const char *desc; } oidc_metrics_counter_t; // single timing stats container typedef struct oidc_metrics_timing_t { - // json_int_t buckets[OIDC_METRICS_BUCKET_NUM]; + oidc_metrics_timing_type_t type; json_int_t *buckets; apr_time_t sum; json_int_t count; - const char *desc; } oidc_metrics_timing_t; /* @@ -159,33 +251,17 @@ static void oidc_metrics_storage_set(server_rec *s, const char *value) { } } -/* - * create a new counter entry in the collected JSON data - */ -static json_t *oidc_metrics_counter_new(server_rec *s, const oidc_metrics_counter_t *counter) { - int i = 0; - json_t *entry = json_object(); - json_object_set_new(entry, OIDC_METRICS_NAME, json_string(counter->metric_name)); - if (counter->label_name) { - json_object_set_new(entry, OIDC_METRICS_LABEL_NAME, json_string(counter->label_name)); - json_object_set_new(entry, OIDC_METRICS_LABEL_VALUE, json_string(counter->label_value)); - } - json_object_set_new(entry, OIDC_METRICS_COUNT, json_integer(counter->count)); - json_object_set_new(entry, OIDC_METRICS_DESC, json_string(counter->desc)); - return entry; -} - /* * create a new timings entry in the collected JSON data */ static json_t *oidc_metrics_timings_new(server_rec *s, const oidc_metrics_timing_t *timing) { int i = 0; json_t *entry = json_object(); + json_object_set_new(entry, OIDC_METRICS_TYPE, json_integer(timing->type)); for (i = 0; i < OIDC_METRICS_BUCKET_NUM; i++) json_object_set_new(entry, _oidc_metric_buckets[i].name, json_integer(timing->buckets[i])); json_object_set_new(entry, OIDC_METRICS_SUM, json_integer(apr_time_as_msec(timing->sum))); json_object_set_new(entry, OIDC_METRICS_COUNT, json_integer(timing->count)); - json_object_set_new(entry, OIDC_METRICS_DESC, json_string(timing->desc)); return entry; } @@ -274,7 +350,10 @@ static void oidc_metrics_store(server_rec *s) { j_member = json_object_get(j_value, OIDC_METRICS_COUNT); json_integer_set(j_member, json_integer_value(j_member) + counter->count); } else { - json_object_set_new(j_counters, key, oidc_metrics_counter_new(s, counter)); + j_member = json_object(); + json_object_set_new(j_member, OIDC_METRICS_COUNT, json_integer(counter->count)); + json_object_set_new(j_member, OIDC_METRICS_TYPE, json_integer(counter->type)); + json_object_set_new(j_counters, key, j_member); } } } @@ -494,8 +573,7 @@ static void *oidc_metrics_get(request_rec *r, const char *key, apr_hash_t *table /* * add/increase a counter metric in the locally cached data */ -void oidc_metrics_counter_add(request_rec *r, const char *metric_name, const char *label_name, const char *label_value, - const char *desc) { +void oidc_metrics_counter_inc(request_rec *r, oidc_metrics_counter_type_t type) { oidc_metrics_counter_t *counter = NULL; char *key = NULL; @@ -503,20 +581,21 @@ void oidc_metrics_counter_add(request_rec *r, const char *metric_name, const cha oidc_cache_mutex_lock(r->pool, r->server, _oidc_metrics_process_mutex); /* obtain or create the entry for the specified key */ - key = apr_psprintf(r->server->process->pool, "%s", metric_name); - if ((label_name) && (_oidc_strcmp(label_name, "") != 0)) { - key = apr_psprintf(r->server->process->pool, "%s.%s", key, label_name); - if ((label_value) && (_oidc_strcmp(label_value, "") != 0)) { - key = apr_psprintf(r->server->process->pool, "%s.%s", key, label_value); + key = apr_psprintf(r->server->process->pool, "%s", _oidc_metrics_counters_info[type].name); + if ((_oidc_metrics_counters_info[type].label_name) && + (_oidc_strcmp(_oidc_metrics_counters_info[type].label_name, "") != 0)) { + key = + apr_psprintf(r->server->process->pool, "%s.%s", key, _oidc_metrics_counters_info[type].label_name); + if ((_oidc_metrics_counters_info[type].label_value) && + (_oidc_strcmp(_oidc_metrics_counters_info[type].label_value, "") != 0)) { + key = apr_psprintf(r->server->process->pool, "%s.%s", key, + _oidc_metrics_counters_info[type].label_value); } } counter = (oidc_metrics_counter_t *)oidc_metrics_get(r, key, _oidc_metrics.counters, sizeof(oidc_metrics_counter_t)); - counter->metric_name = apr_pstrdup(r->server->process->pool, metric_name); - counter->label_name = apr_pstrdup(r->server->process->pool, label_name); - counter->label_value = apr_pstrdup(r->server->process->pool, label_value); - counter->desc = apr_pstrdup(r->server->process->pool, desc); + counter->type = type; counter->count++; /* unlock the local metrics cache hashtable */ @@ -526,10 +605,13 @@ void oidc_metrics_counter_add(request_rec *r, const char *metric_name, const cha /* * add a metrics timing sample to the locally cached data */ -void oidc_metrics_timing_add(request_rec *r, const char *key, apr_time_t elapsed, const char *desc) { +void oidc_metrics_timing_add(request_rec *r, oidc_metrics_timing_type_t type, apr_time_t elapsed) { oidc_metrics_timing_t *timing = NULL; int i = 0; + const char *key = apr_psprintf(r->pool, "%s.%s", _oidc_metrics_timings_info[type].name, + _oidc_metrics_timings_info[type].subkey); + /* TODO: how can this happen? */ if (elapsed < 0) { oidc_warn(r, "discarding metrics timing %s: elapsed (%" APR_TIME_T_FMT ") < 0", key, elapsed); @@ -543,10 +625,10 @@ void oidc_metrics_timing_add(request_rec *r, const char *key, apr_time_t elapsed timing = oidc_metrics_get(r, key, _oidc_metrics.timings, sizeof(oidc_metrics_timing_t)); if (timing->buckets == NULL) timing->buckets = apr_pcalloc(r->server->process->pool, sizeof(json_int_t) * OIDC_METRICS_BUCKET_NUM); + timing->type = type; for (i = 0; i < OIDC_METRICS_BUCKET_NUM; i++) if ((elapsed < _oidc_metric_buckets[i].threshold) || (_oidc_metric_buckets[i].threshold == 0)) timing->buckets[i]++; - timing->desc = apr_pstrdup(r->server->process->pool, desc); timing->sum += elapsed; timing->count++; @@ -554,10 +636,73 @@ void oidc_metrics_timing_add(request_rec *r, const char *key, apr_time_t elapsed oidc_cache_mutex_unlock(r->pool, r->server, _oidc_metrics_process_mutex); } -static int oidc_metrics_handle_json(request_rec *r, const char *s_json) { - /* return an empty JSON object if no (new) metrics data was found */ - if (s_json == NULL) +static int oidc_metrics_handle_json(request_rec *r, char *s_json) { + + json_t *json = NULL, *j_server = NULL, *j_timings, *j_counters, *j_timing = NULL, *j_counter = NULL; + const char *s_server = NULL, *s_key = NULL; + json_int_t type = 0; + json_error_t json_error; + + /* parse the metrics string to JSON */ + if (s_json != NULL) + json = json_loads(s_json, 0, &json_error); + if (json == NULL) + return HTTP_NOT_FOUND; + + void *iter1 = json_object_iter(json); + while (iter1) { + s_server = json_object_iter_key(iter1); + j_server = json_object_iter_value(iter1); + + j_counters = json_object_get(j_server, OIDC_METRICS_COUNTERS); + + void *iter2 = json_object_iter(j_counters); + while (iter2) { + s_key = json_object_iter_key(iter2); + j_counter = json_object_iter_value(iter2); + + type = json_integer_value(json_object_get(j_counter, OIDC_METRICS_TYPE)); + json_object_del(j_counter, OIDC_METRICS_TYPE); + + json_object_set_new(j_counter, OIDC_METRICS_NAME, + json_string(_oidc_metrics_counters_info[type].name)); + json_object_set_new(j_counter, OIDC_METRICS_LABEL_NAME, + json_string(_oidc_metrics_counters_info[type].label_name)); + json_object_set_new(j_counter, OIDC_METRICS_LABEL_VALUE, + json_string(_oidc_metrics_counters_info[type].label_value)); + json_object_set_new(j_counter, OIDC_METRICS_DESC, + json_string(_oidc_metrics_counters_info[type].desc)); + + iter2 = json_object_iter_next(j_counters, iter2); + } + + j_timings = json_object_get(j_server, OIDC_METRICS_TIMINGS); + + iter2 = json_object_iter(j_timings); + while (iter2) { + s_key = json_object_iter_key(iter2); + j_timing = json_object_iter_value(iter2); + + type = json_integer_value(json_object_get(j_timing, OIDC_METRICS_TYPE)); + json_object_del(j_timing, OIDC_METRICS_TYPE); + + json_object_set_new(j_timing, OIDC_METRICS_DESC, + json_string(_oidc_metrics_timings_info[type].desc)); + + iter2 = json_object_iter_next(j_timings, iter2); + } + iter1 = json_object_iter_next(json, iter1); + } + + if (json) { + char *str = json_dumps(json, JSON_COMPACT | JSON_PRESERVE_ORDER); + s_json = apr_pstrdup(r->pool, str); + free(str); + json_decref(json); + } else { s_json = "{}"; + } + /* return the data to the caller */ return oidc_util_http_send(r, s_json, _oidc_strlen(s_json), OIDC_CONTENT_TYPE_JSON, OK); } @@ -584,12 +729,12 @@ static const char *oidc_prometheus_normalize(request_rec *r, const char *v1, con } static int oidc_metrics_handle_prometheus(request_rec *r, const char *s_json) { - char *s_text = ""; json_t *json = NULL, *j_server = NULL, *j_timings, *j_counters, *j_timing = NULL, *j_member = NULL, *j_counter = NULL; + const char *s_server = NULL, *s_key = NULL, *s_label = NULL, *s_bucket = NULL; + char *s_text = ""; json_error_t json_error; - const char *s_server = NULL, *s_name = NULL, *s_member = NULL, *s_label = NULL, *s_value = NULL, - *s_metric = NULL, *s_desc = NULL; + json_int_t type = 0; /* parse the metrics string to JSON */ if (s_json != NULL) @@ -606,28 +751,25 @@ static int oidc_metrics_handle_prometheus(request_rec *r, const char *s_json) { void *iter2 = json_object_iter(j_counters); while (iter2) { - s_name = json_object_iter_key(iter2); + s_key = json_object_iter_key(iter2); j_counter = json_object_iter_value(iter2); - s_metric = json_string_value(json_object_get(j_counter, OIDC_METRICS_NAME)); - s_desc = json_string_value(json_object_get(j_counter, OIDC_METRICS_DESC)); - - s_label = oidc_prometheus_normalize(r, s_server, s_name); - s_text = apr_psprintf(r->pool, "%s# HELP %s The number of %s.\n", s_text, s_label, s_desc); + type = json_integer_value(json_object_get(j_counter, OIDC_METRICS_TYPE)); + s_label = oidc_prometheus_normalize(r, s_server, s_key); + s_text = apr_psprintf(r->pool, "%s# HELP %s The number of %s.\n", s_text, s_label, + _oidc_metrics_counters_info[type].desc); s_text = apr_psprintf(r->pool, "%s# TYPE %s counter\n", s_text, s_label); - - s_text = - apr_psprintf(r->pool, "%s%s", s_text, oidc_prometheus_normalize(r, s_server, s_metric)); - j_member = json_object_get(j_counter, OIDC_METRICS_LABEL_NAME); - if (j_member) { - s_label = json_string_value(j_member); - s_value = json_string_value(json_object_get(j_counter, OIDC_METRICS_LABEL_VALUE)); - s_text = apr_psprintf(r->pool, "%s{%s=\"%s\"}", s_text, - oidc_prometheus_normalize(r, s_label, NULL), s_value); + s_text = apr_psprintf( + r->pool, "%s%s", s_text, + oidc_prometheus_normalize(r, s_server, _oidc_metrics_counters_info[type].name)); + if (_oidc_metrics_counters_info[type].label_name) { + s_text = apr_psprintf( + r->pool, "%s{%s=\"%s\"}", s_text, + oidc_prometheus_normalize(r, _oidc_metrics_counters_info[type].label_name, NULL), + _oidc_metrics_counters_info[type].label_value); } - j_member = json_object_get(j_counter, "count"); + j_member = json_object_get(j_counter, OIDC_METRICS_COUNT); s_text = apr_psprintf(r->pool, "%s %ld\n", s_text, (long int)json_integer_value(j_member)); - s_text = apr_psprintf(r->pool, "%s\n", s_text); iter2 = json_object_iter_next(j_counters, iter2); @@ -637,20 +779,23 @@ static int oidc_metrics_handle_prometheus(request_rec *r, const char *s_json) { iter2 = json_object_iter(j_timings); while (iter2) { - s_name = json_object_iter_key(iter2); + s_key = json_object_iter_key(iter2); j_timing = json_object_iter_value(iter2); - s_label = oidc_prometheus_normalize(r, s_server, s_name); - s_desc = json_string_value(json_object_get(j_timing, OIDC_METRICS_DESC)); - s_text = apr_psprintf(r->pool, "%s# HELP %s A histogram of %s.\n", s_text, s_label, s_desc); + type = json_integer_value(json_object_get(j_timing, OIDC_METRICS_TYPE)); + json_object_del(j_timing, OIDC_METRICS_TYPE); + + s_label = oidc_prometheus_normalize(r, s_server, s_key); + s_text = apr_psprintf(r->pool, "%s# HELP %s A histogram of %s.\n", s_text, s_label, + _oidc_metrics_timings_info[type].desc); s_text = apr_psprintf(r->pool, "%s# TYPE %s histogram\n", s_text, s_label); void *iter3 = json_object_iter(j_timing); while (iter3) { - s_member = json_object_iter_key(iter3); + s_bucket = json_object_iter_key(iter3); j_member = json_object_iter_value(iter3); s_text = apr_psprintf(r->pool, "%s%s_%s %ld\n", s_text, s_label, - oidc_metrics_name_to_label(r, s_member), + oidc_metrics_name_to_label(r, s_bucket), (long int)json_integer_value(j_member)); iter3 = json_object_iter_next(j_timing, iter3); } diff --git a/src/metrics.h b/src/metrics.h index a39da92d..0e9a89dc 100644 --- a/src/metrics.h +++ b/src/metrics.h @@ -48,25 +48,92 @@ apr_byte_t oidc_metrics_cache_post_config(server_rec *s); apr_status_t oidc_metrics_cache_child_init(apr_pool_t *p, server_rec *s); apr_status_t oidc_metrics_cache_cleanup(server_rec *s); int oidc_metrics_handle_request(request_rec *r); -void oidc_metrics_counter_add(request_rec *r, const char *metric_name, const char *label_name, const char *label_value, - const char *desc); -void oidc_metrics_timing_add(request_rec *r, const char *key, apr_time_t elapsed, const char *desc); + +typedef enum { OM_AUTHN_REQUEST = 0, OM_AUTHN_RESPONSE, OM_SESSION_VALID } oidc_metrics_timing_type_t; + +typedef struct oidc_metrics_timing_info_t { + oidc_metrics_timing_type_t type; + char *name; + char *subkey; + char *desc; +} oidc_metrics_timing_info_t; + +extern const oidc_metrics_timing_info_t _oidc_metrics_timings_info[]; + +void oidc_metrics_timing_add(request_rec *r, oidc_metrics_timing_type_t type, apr_time_t elapsed); #define OIDC_METRICS_TIMING_START(r, cfg) \ apr_time_t _oidc_metrics_tstart; \ if (cfg->metrics_hook_data != NULL) \ _oidc_metrics_tstart = apr_time_now(); -#define OIDC_METRICS_TIMING_ADD(r, cfg, main_key, sub_key, desc) \ +#define OIDC_METRICS_TIMING_ADD(r, cfg, type) \ if (cfg->metrics_hook_data != NULL) \ - if (apr_hash_get(cfg->metrics_hook_data, main_key, APR_HASH_KEY_STRING) != NULL) { \ - oidc_metrics_timing_add(r, apr_psprintf(r->pool, "%s.%s", main_key, sub_key), \ - apr_time_now() - _oidc_metrics_tstart, desc); \ - } + if (apr_hash_get(cfg->metrics_hook_data, _oidc_metrics_timings_info[type].name, \ + APR_HASH_KEY_STRING) != NULL) \ + oidc_metrics_timing_add(r, type, apr_time_now() - _oidc_metrics_tstart); + +typedef enum { + + OM_AUTHTYPE_OPENID_CONNECT = 0, + OM_AUTHTYPE_OAUTH20, + OM_AUTHTYPE_AUTH_OPENIDC, + OM_AUTHTYPE_DECLINED, + + OM_SESSION_ERROR_COOKIE_DOMAIN, + OM_SESSION_ERROR_EXPIRED, + OM_SESSION_ERROR_REFRESH_ACCESS_TOKEN, + OM_SESSION_ERROR_REFRESH_USERINFO, + OM_SESSION_ERROR_GENERAL, + + OM_AUTHN_REQUEST_ERROR_URL, + + OM_AUTHN_RESPONSE_ERROR_STATE_MISMATCH, + OM_AUTHN_RESPONSE_ERROR_STATE_EXPIRED, + OM_AUTHN_RESPONSE_ERROR_PROVIDER, + OM_AUTHN_RESPONSE_ERROR_PROTOCOL, + OM_AUTHN_RESPONSE_ERROR_REMOTE_USER, + + OM_REDIRECT_URI_AUTHN_RESPONSE_REDIRECT, + OM_REDIRECT_URI_AUTHN_RESPONSE_POST, + OM_REDIRECT_URI_AUTHN_RESPONSE_IMPLICIT, + OM_REDIRECT_URI_DISCOVERY_RESPONSE, + OM_REDIRECT_URI_REQUEST_LOGOUT, + OM_REDIRECT_URI_REQUEST_JWKS, + OM_REDIRECT_URI_REQUEST_SESSION, + OM_REDIRECT_URI_REQUEST_REFRESH, + OM_REDIRECT_URI_REQUEST_REQUEST_URI, + OM_REDIRECT_URI_REQUEST_REMOVE_AT_CACHE, + OM_REDIRECT_URI_REQUEST_REVOKE_SESSION, + OM_REDIRECT_URI_REQUEST_INFO, + OM_REDIRECT_URI_ERROR_PROVIDER, + OM_REDIRECT_URI_ERROR_INVALID, + + OM_CONTENT_REQUEST_DECLINED, + OM_CONTENT_REQUEST_INFO, + OM_CONTENT_REQUEST_JWKS, + OM_CONTENT_REQUEST_DISCOVERY, + OM_CONTENT_REQUEST_POST_PRESERVE, + OM_CONTENT_REQUEST_UNKNOWN, + +} oidc_metrics_counter_type_t; + +typedef struct oidc_metrics_counter_info_t { + oidc_metrics_counter_type_t type; + char *name; + char *label_name; + char *label_value; + char *desc; +} oidc_metrics_counter_info_t; + +extern const oidc_metrics_counter_info_t _oidc_metrics_counters_info[]; + +void oidc_metrics_counter_inc(request_rec *r, oidc_metrics_counter_type_t type); -#define OIDC_METRICS_COUNTER_ADD(r, cfg, metric_name, label_name, label_value, desc) \ +#define OIDC_METRICS_COUNTER_INC(r, cfg, type) \ if (cfg->metrics_hook_data != NULL) \ - if (apr_hash_get(cfg->metrics_hook_data, metric_name, APR_HASH_KEY_STRING) != NULL) \ - oidc_metrics_counter_add(r, metric_name, label_name, label_value, desc); + if (apr_hash_get(cfg->metrics_hook_data, _oidc_metrics_counters_info[type].name, \ + APR_HASH_KEY_STRING) != NULL) \ + oidc_metrics_counter_inc(r, type); #endif /* MOD_AUTH_OPENIDC_METRICS_H_ */ diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c index afbb546f..3a65db9d 100644 --- a/src/mod_auth_openidc.c +++ b/src/mod_auth_openidc.c @@ -1642,8 +1642,7 @@ static int oidc_handle_existing_session(request_rec *r, oidc_cfg *cfg, oidc_sess /* verify current cookie domain against issued cookie domain */ if (oidc_check_cookie_domain(r, cfg, session) == FALSE) { *needs_save = FALSE; - OIDC_METRICS_COUNTER_ADD(r, cfg, "session", "error", "cookie-domain", - "cookie domain validation errors for existing sessions") + OIDC_METRICS_COUNTER_INC(r, cfg, OM_SESSION_ERROR_COOKIE_DOMAIN); return HTTP_UNAUTHORIZED; } @@ -1657,9 +1656,8 @@ static int oidc_handle_existing_session(request_rec *r, oidc_cfg *cfg, oidc_sess /* check if the maximum session duration was exceeded */ if (oidc_check_max_session_duration(r, cfg, session, &rc) == FALSE) { *needs_save = FALSE; + OIDC_METRICS_COUNTER_INC(r, cfg, OM_SESSION_ERROR_EXPIRED); // NB: rc was set (e.g. to a 302 auth redirect) by the call to oidc_check_max_session_duration - OIDC_METRICS_COUNTER_ADD(r, cfg, "session", "error", "expired", - "sessions that exceeded the maximum duration") return rc; } @@ -1669,8 +1667,7 @@ static int oidc_handle_existing_session(request_rec *r, oidc_cfg *cfg, oidc_sess if (rv == FALSE) { *needs_save = FALSE; oidc_debug(r, "dir_action_on_error_refresh: %d", oidc_cfg_dir_action_on_error_refresh(r)); - OIDC_METRICS_COUNTER_ADD(r, cfg, "session", "error", "refresh-access-token", - "errors refreshing the access token before expiry in existing sessions") + OIDC_METRICS_COUNTER_INC(r, cfg, OM_SESSION_ERROR_REFRESH_ACCESS_TOKEN); if (error_code != OIDC_REFRESH_ERROR_PARALLEL_REFRESH) { if (oidc_cfg_dir_action_on_error_refresh(r) == OIDC_ON_ERROR_LOGOUT) { return oidc_handle_logout_request(r, cfg, session, @@ -1689,8 +1686,7 @@ static int oidc_handle_existing_session(request_rec *r, oidc_cfg *cfg, oidc_sess if (rv == FALSE) { *needs_save = FALSE; oidc_debug(r, "action_on_userinfo_error: %d", cfg->action_on_userinfo_error); - OIDC_METRICS_COUNTER_ADD(r, cfg, "session", "error", "refresh-user-info", - "errors refreshing claims from the userinfo endpoint in existing sessions") + OIDC_METRICS_COUNTER_INC(r, cfg, OM_SESSION_ERROR_REFRESH_USERINFO); if (error_code != OIDC_REFRESH_ERROR_PARALLEL_REFRESH) { if (cfg->action_on_userinfo_error == OIDC_ON_ERROR_LOGOUT) { return oidc_handle_logout_request(r, cfg, session, @@ -2121,8 +2117,7 @@ static int oidc_handle_authorization_response(request_rec *r, oidc_cfg *c, oidc_ "there: %s", c->default_sso_url); oidc_util_hdr_out_location_set(r, oidc_get_absolute_url(r, c, c->default_sso_url)); - OIDC_METRICS_COUNTER_ADD(r, c, "authn", "response.error", "state-mismatch", - "state mismatch errors in authentication responses") + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_RESPONSE_ERROR_STATE_MISMATCH); return HTTP_MOVED_TEMPORARILY; } oidc_error(r, @@ -2136,18 +2131,17 @@ static int oidc_handle_authorization_response(request_rec *r, oidc_cfg *c, oidc_ r->user = NULL; rc = OK; } + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_RESPONSE_ERROR_STATE_MISMATCH); return rc; } // if error text was already produced (e.g. state timeout) then just return with a 400 if (apr_table_get(r->subprocess_env, OIDC_ERROR_ENVVAR) != NULL) { - OIDC_METRICS_COUNTER_ADD(r, c, "authn", "response.error", "state-expired", - "state expired errors in authentication responses") + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_RESPONSE_ERROR_STATE_EXPIRED); return HTTP_BAD_REQUEST; } - OIDC_METRICS_COUNTER_ADD(r, c, "authn", "response.error", "state-mismatch", - "state expired errors in authentication responses") + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_RESPONSE_ERROR_STATE_MISMATCH); return oidc_util_html_send_error(r, c->error_template, "Invalid Authorization Response", "Could not match the authorization response to an earlier request via " @@ -2157,16 +2151,14 @@ static int oidc_handle_authorization_response(request_rec *r, oidc_cfg *c, oidc_ /* see if the response is an error response */ if (apr_table_get(params, OIDC_PROTO_ERROR) != NULL) { - OIDC_METRICS_COUNTER_ADD(r, c, "authn", "response.error", "provider", - "errors returned by the provider in authentication responses") + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_RESPONSE_ERROR_PROVIDER); return oidc_authorization_response_error(r, c, proto_state, apr_table_get(params, OIDC_PROTO_ERROR), apr_table_get(params, OIDC_PROTO_ERROR_DESCRIPTION)); } /* handle the code, implicit or hybrid flow */ if (oidc_handle_flows(r, c, proto_state, provider, params, response_mode, &jwt) == FALSE) { - OIDC_METRICS_COUNTER_ADD(r, c, "authn", "response.error", "protocol", - "errors handling authentication responses") + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_RESPONSE_ERROR_PROTOCOL); return oidc_authorization_response_error(r, c, proto_state, "Error in handling response type.", NULL); } @@ -2229,8 +2221,7 @@ static int oidc_handle_authorization_response(request_rec *r, oidc_cfg *c, oidc_ } else { oidc_error(r, "remote user could not be set"); oidc_jwt_destroy(jwt); - OIDC_METRICS_COUNTER_ADD(r, c, "authn", "response.error", "remote-user", - "errors identifying the remote user based on provided claims") + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_RESPONSE_ERROR_REMOTE_USER); return oidc_authorization_response_error( r, c, proto_state, "Remote user could not be set: contact the website administrator", NULL); } @@ -2241,8 +2232,7 @@ static int oidc_handle_authorization_response(request_rec *r, oidc_cfg *c, oidc_ /* check that we've actually authenticated a user; functions as error handling for oidc_get_remote_user */ if (r->user == NULL) { - OIDC_METRICS_COUNTER_ADD(r, c, "authn", "response.error", "remote-user", - "errors identifying the remote user based on provided claims") + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_RESPONSE_ERROR_REMOTE_USER); return HTTP_UNAUTHORIZED; } @@ -2482,8 +2472,7 @@ static int oidc_authenticate_user(request_rec *r, oidc_cfg *c, oidc_provider_t * /* we're not using multiple OP's configured in a metadata directory, pick the statically configured OP */ if (oidc_provider_static_config(r, c, &provider) == FALSE) { - OIDC_METRICS_COUNTER_ADD(r, c, "authn", "request.error", "provider-config", - "errors retrieving/parsing the provider configuration") + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_RESPONSE_ERROR_PROVIDER); return HTTP_INTERNAL_SERVER_ERROR; } } @@ -2574,9 +2563,7 @@ static int oidc_authenticate_user(request_rec *r, oidc_cfg *c, oidc_provider_t * "\"state\" and \"session\" cookies will not be shared between the two!", r_uri.hostname, o_uri.hostname); oidc_proto_state_destroy(proto_state); - OIDC_METRICS_COUNTER_ADD( - r, c, "authn", "request.error", "url", - "errors matching the incoming request URL against the configuration") + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_REQUEST_ERROR_URL); return HTTP_INTERNAL_SERVER_ERROR; } } @@ -2588,8 +2575,7 @@ static int oidc_authenticate_user(request_rec *r, oidc_cfg *c, oidc_provider_t * "\"state\" and \"session\" cookies will not work!!", c->cookie_domain, o_uri.hostname, original_url); oidc_proto_state_destroy(proto_state); - OIDC_METRICS_COUNTER_ADD(r, c, "authn", "request.error", "url", - "errors matching the incoming request URL against the configuration") + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_REQUEST_ERROR_URL); return HTTP_INTERNAL_SERVER_ERROR; } } @@ -2600,7 +2586,7 @@ static int oidc_authenticate_user(request_rec *r, oidc_cfg *c, oidc_provider_t * proto_state, id_token_hint, code_challenge, auth_request_params, path_scope); - OIDC_METRICS_TIMING_ADD(r, c, "authn", "request", "authentication requests") + OIDC_METRICS_TIMING_ADD(r, c, OM_AUTHN_REQUEST); return rc; } @@ -3948,12 +3934,12 @@ int oidc_handle_redirect_uri_request(request_rec *r, oidc_cfg *c, oidc_session_t if (oidc_proto_is_redirect_authorization_response(r, c)) { + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_AUTHN_RESPONSE_REDIRECT); + /* this is an authorization response from the OP using the Basic Client profile or a Hybrid flow*/ rc = oidc_handle_redirect_authorization_response(r, c, session); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "authn.response", "redirect", - "authentication responses received in a redirect"); - OIDC_METRICS_TIMING_ADD(r, c, "authn", "response", "authentication responses") + OIDC_METRICS_TIMING_ADD(r, c, OM_AUTHN_RESPONSE); return rc; @@ -3967,37 +3953,39 @@ int oidc_handle_redirect_uri_request(request_rec *r, oidc_cfg *c, oidc_session_t * parameters */ } else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_LOGOUT)) { + + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_REQUEST_LOGOUT); + /* handle logout */ rc = oidc_handle_logout(r, c, session); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "request", OIDC_REDIRECT_URI_REQUEST_LOGOUT, - "logout requests to the redirect URI"); - return rc; } else if (oidc_proto_is_post_authorization_response(r, c)) { + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_AUTHN_RESPONSE_POST); + /* this is an authorization response using the fragment(+POST) response_mode with the Implicit Client * profile */ rc = oidc_handle_post_authorization_response(r, c, session); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "authn.response", "post", - "authentication responses received in a HTTP POST"); - OIDC_METRICS_TIMING_ADD(r, c, "authn", "response", "authentication responses") + OIDC_METRICS_TIMING_ADD(r, c, OM_AUTHN_RESPONSE); return rc; } else if (oidc_is_discovery_response(r, c)) { + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_DISCOVERY_RESPONSE); + /* this is response from the OP discovery page */ rc = oidc_handle_discovery_response(r, c); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "discovery", "response", - "discovery responses to the redirect URI"); - return rc; } else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_JWKS)) { + + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_REQUEST_JWKS); + /* * Will be handled in the content handler; avoid: * No authentication done but request not allowed without authentication @@ -4005,59 +3993,51 @@ int oidc_handle_redirect_uri_request(request_rec *r, oidc_cfg *c, oidc_session_t */ r->user = ""; - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "request", "jwks", - "JWKs retrieval requests to the redirect URI"); - return OK; } else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_SESSION)) { + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_REQUEST_SESSION); + /* handle session management request */ rc = oidc_handle_session_management(r, c, session); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "request", OIDC_REDIRECT_URI_REQUEST_SESSION, - "session management requests to the redirect URI"); - return rc; } else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_REFRESH)) { + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_REQUEST_REFRESH); + /* handle refresh token request */ rc = oidc_handle_refresh_token_request(r, c, session); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "request", OIDC_REDIRECT_URI_REQUEST_REFRESH, - "refresh token requests to the redirect URI"); - return rc; } else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_REQUEST_URI)) { + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_REQUEST_REQUEST_URI); + /* handle request object by reference request */ rc = oidc_handle_request_uri(r, c); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "request", OIDC_REDIRECT_URI_REQUEST_REQUEST_URI, - "Request URI calls to the redirect URI"); - return rc; } else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_REMOVE_AT_CACHE)) { + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_REQUEST_REMOVE_AT_CACHE); + /* handle request to invalidate access token cache */ rc = oidc_handle_remove_at_cache(r, c); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "request", OIDC_REDIRECT_URI_REQUEST_REMOVE_AT_CACHE, - "access token cache removal requests to the redirect URI"); - return rc; } else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_REVOKE_SESSION)) { + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_REQUEST_REVOKE_SESSION); + /* handle request to revoke a user session */ rc = oidc_handle_revoke_session(r, c); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "request", OIDC_REDIRECT_URI_REQUEST_REVOKE_SESSION, - "revoke session requests to the redirect URI"); - return rc; } else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_INFO)) { @@ -4065,6 +4045,8 @@ int oidc_handle_redirect_uri_request(request_rec *r, oidc_cfg *c, oidc_session_t if (session->remote_user == NULL) return HTTP_UNAUTHORIZED; + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_REQUEST_INFO); + // need to establish user/claims for authorization purposes rc = oidc_handle_existing_session(r, c, session, &needs_save); @@ -4076,20 +4058,16 @@ int oidc_handle_redirect_uri_request(request_rec *r, oidc_cfg *c, oidc_session_t if (needs_save) oidc_request_state_set(r, OIDC_REQUEST_STATE_KEY_SAVE, ""); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "request", OIDC_REDIRECT_URI_REQUEST_INFO, - "info hook requests to the redirect URI"); - return rc; } else if ((r->args == NULL) || (_oidc_strcmp(r->args, "") == 0)) { + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_AUTHN_RESPONSE_IMPLICIT); + /* this is a "bare" request to the redirect URI, indicating implicit flow using the fragment * response_mode */ rc = oidc_proto_javascript_implicit(r, c); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "authn.response", "implicit", - "(presumed) implicit authentication responses to the redirect URI"); - return rc; } @@ -4098,6 +4076,8 @@ int oidc_handle_redirect_uri_request(request_rec *r, oidc_cfg *c, oidc_session_t /* check for "error" response */ if (oidc_util_request_has_parameter(r, OIDC_PROTO_ERROR)) { + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_ERROR_PROVIDER); + // char *error = NULL, *descr = NULL; // oidc_util_get_request_parameter(r, "error", &error); // oidc_util_get_request_parameter(r, "error_description", &descr); @@ -4106,18 +4086,15 @@ int oidc_handle_redirect_uri_request(request_rec *r, oidc_cfg *c, oidc_session_t // return oidc_util_html_send_error(r, error, descr, OK); rc = oidc_handle_redirect_authorization_response(r, c, session); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "error", "provider", - "provider authentication response errors received on the redirect URI"); - return rc; } + OIDC_METRICS_COUNTER_INC(r, c, OM_REDIRECT_URI_ERROR_INVALID); + oidc_error( r, "The OpenID Connect callback URL received an invalid request: %s; returning HTTP_INTERNAL_SERVER_ERROR", r->args); - OIDC_METRICS_COUNTER_ADD(r, c, "redirect_uri", "error", "invalid", "invalid requests to the redirect URI"); - /* something went wrong */ return oidc_util_html_send_error( r, c->error_template, "Invalid Request", @@ -4229,10 +4206,9 @@ static int oidc_check_userid_openidc(request_rec *r, oidc_cfg *c) { oidc_strip_cookies(r); if (rc == OK) { - OIDC_METRICS_TIMING_ADD(r, c, "session", "valid", "successfully validated existing sessions") + OIDC_METRICS_TIMING_ADD(r, c, OM_SESSION_VALID); } else { - OIDC_METRICS_COUNTER_ADD(r, c, "session", "error", "generic", - "existing sessions that failed validation") + OIDC_METRICS_COUNTER_INC(r, c, OM_SESSION_ERROR_GENERAL); } return rc; @@ -4287,28 +4263,34 @@ int oidc_check_user_id(request_rec *r) { /* see if any authentication has been defined at all */ current_auth = ap_auth_type(r); - if (current_auth == NULL) - current_auth = "declined"; - /* see if we've configured OpenID Connect user authentication for this request */ - if (strcasecmp(current_auth, OIDC_AUTH_TYPE_OPENID_CONNECT) == 0) { + if (current_auth == NULL) { + + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHTYPE_DECLINED); + /* see if we've configured OpenID Connect user authentication for this request */ + } else if (strcasecmp(current_auth, OIDC_AUTH_TYPE_OPENID_CONNECT) == 0) { + + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHTYPE_OPENID_CONNECT); r->ap_auth_type = (char *)current_auth; rv = oidc_check_userid_openidc(r, c); /* see if we've configured OAuth 2.0 access control for this request */ } else if (strcasecmp(current_auth, OIDC_AUTH_TYPE_OPENID_OAUTH20) == 0) { + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHTYPE_OAUTH20); r->ap_auth_type = (char *)current_auth; rv = oidc_oauth_check_userid(r, c, NULL); /* see if we've configured "mixed mode" for this request */ } else if (strcasecmp(current_auth, OIDC_AUTH_TYPE_OPENID_BOTH) == 0) { + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHTYPE_AUTH_OPENIDC); rv = oidc_check_mixed_userid_oauth(r, c); - } + } else { - OIDC_METRICS_COUNTER_ADD(r, c, "authtype", "handler", current_auth, "incoming requests"); + OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHTYPE_DECLINED); + } return rv; } @@ -4575,8 +4557,7 @@ int oidc_content_handler(request_rec *r) { return oidc_metrics_handle_request(r); if (oidc_enabled(r) == FALSE) { - OIDC_METRICS_COUNTER_ADD(r, c, "content", "request", "declined", - "requests declined by the content handler") + OIDC_METRICS_COUNTER_INC(r, c, OM_CONTENT_REQUEST_DECLINED); return DECLINED; } @@ -4587,8 +4568,7 @@ int oidc_content_handler(request_rec *r) { if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_INFO)) { - OIDC_METRICS_COUNTER_ADD(r, c, "content", "request", "info", - "info hook requests to the content handler") + OIDC_METRICS_COUNTER_INC(r, c, OM_CONTENT_REQUEST_INFO); /* see if a session was retained in the request state */ apr_pool_userdata_get((void **)&session, OIDC_USERDATA_SESSION, r->pool); @@ -4611,30 +4591,26 @@ int oidc_content_handler(request_rec *r) { } else if (oidc_util_request_has_parameter(r, OIDC_REDIRECT_URI_REQUEST_JWKS)) { - OIDC_METRICS_COUNTER_ADD(r, c, "content", "request", "jwks", - "JWKs requests to the content handler") + OIDC_METRICS_COUNTER_INC(r, c, OM_CONTENT_REQUEST_JWKS); /* handle JWKs request */ rc = oidc_handle_jwks(r, c); } else { - OIDC_METRICS_COUNTER_ADD(r, c, "content", "request", "unknown", - "unknown requests to the content handler") + OIDC_METRICS_COUNTER_INC(r, c, OM_CONTENT_REQUEST_UNKNOWN); } } else if (oidc_request_state_get(r, OIDC_REQUEST_STATE_KEY_DISCOVERY) != NULL) { - OIDC_METRICS_COUNTER_ADD(r, c, "content", "request", "discovery", - "discovery requests to the content handler") + OIDC_METRICS_COUNTER_INC(r, c, OM_CONTENT_REQUEST_DISCOVERY); /* discovery may result in a 200 HTML page or a redirect to an external URL */ rc = oidc_discovery(r, c); } else if (oidc_request_state_get(r, OIDC_REQUEST_STATE_KEY_AUTHN) != NULL) { - OIDC_METRICS_COUNTER_ADD(r, c, "content", "request", "post-preserve", - "POST-preservation requests to the content handler") + OIDC_METRICS_COUNTER_INC(r, c, OM_CONTENT_REQUEST_POST_PRESERVE); /* sending POST preserve */ rc = OK;