From e483fa505ca831c00db7c08b2e949b0a67f4e8ec Mon Sep 17 00:00:00 2001
From: Jan Berktold <jan@berktold.co>
Date: Wed, 24 Apr 2019 23:53:01 +0200
Subject: [PATCH 1/5] Add DRONE_PROMETHEUS_ANONYMOUS_ACCESS configuration
 option

---
 CHANGELOG.md                      |  3 ++-
 cmd/drone-server/config/config.go | 27 ++++++++++++++++-----------
 cmd/drone-server/wire_gen.go      |  2 +-
 metric/handler.go                 |  9 ++++++---
 4 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 72de277b5..338391307 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - endpoint to trigger new build for default branch, by [@bradrydzewski](https://github.com/bradrydzewski). [#2679](https://github.com/drone/drone/issues/2679).
 - endpoint to trigger new build for branch, by [@bradrydzewski](https://github.com/bradrydzewski). [#2679](https://github.com/drone/drone/issues/2679).
 - endpoint to trigger new build for branch and sha, by [@bradrydzewski](https://github.com/bradrydzewski). [#2679](https://github.com/drone/drone/issues/2679).
-
+- DRONE_PROMETHEUS_ANONYMOUS_ACCESS configuration option, by [@janberktold](https://github.com/janberktold)
+- 
 ## [1.1.0] - 2019-04-23
 ### Added
 
diff --git a/cmd/drone-server/config/config.go b/cmd/drone-server/config/config.go
index e77a61dfc..3cdd4bfc6 100644
--- a/cmd/drone-server/config/config.go
+++ b/cmd/drone-server/config/config.go
@@ -46,17 +46,17 @@ type (
 	Config struct {
 		License string `envconfig:"DRONE_LICENSE"`
 
-		Authn    Authentication
-		Agent    Agent
-		Cron     Cron
-		Cloning  Cloning
-		Database Database
-		Datadog  Datadog
-		Docker   Docker
-		HTTP     HTTP
-		Jsonnet  Jsonnet
-		Logging  Logging
-		// Prometheus Prometheus
+		Authn        Authentication
+		Agent        Agent
+		Cron         Cron
+		Cloning      Cloning
+		Database     Database
+		Datadog      Datadog
+		Docker       Docker
+		HTTP         HTTP
+		Jsonnet      Jsonnet
+		Logging      Logging
+		Prometheus   Prometheus
 		Proxy        Proxy
 		Registration Registration
 		Registries   Registries
@@ -162,6 +162,11 @@ type (
 		Text   bool `envconfig:"DRONE_LOGS_TEXT"`
 	}
 
+	// Prometheus provides the prometheus configuration.
+	Prometheus struct {
+		EnableAnonymousAccess bool `envconfig:"DRONE_PROMETHEUS_ANONYMOUS_ACCESS" default:"false"`
+	}
+
 	// Repository provides the repository configuration.
 	Repository struct {
 		Filter []string `envconfig:"DRONE_REPOSITORY_FILTER"`
diff --git a/cmd/drone-server/wire_gen.go b/cmd/drone-server/wire_gen.go
index 415edb57d..d8be47352 100644
--- a/cmd/drone-server/wire_gen.go
+++ b/cmd/drone-server/wire_gen.go
@@ -93,7 +93,7 @@ func InitializeApplication(config2 config.Config) (application, error) {
 	options := provideServerOptions(config2)
 	webServer := web.New(admissionService, buildStore, client, hookParser, coreLicense, licenseService, middleware, repositoryStore, session, syncer, triggerer, userStore, userService, webhookSender, options, system)
 	handler := provideRPC(buildManager, config2)
-	metricServer := metric.NewServer(session)
+	metricServer := metric.NewServer(session, config2)
 	mux := provideRouter(server, webServer, handler, metricServer)
 	serverServer := provideServer(mux, config2)
 	mainApplication := newApplication(cronScheduler, datadog, runner, serverServer, userStore)
diff --git a/metric/handler.go b/metric/handler.go
index 66c5ef7fc..19749f3c7 100644
--- a/metric/handler.go
+++ b/metric/handler.go
@@ -10,6 +10,7 @@ import (
 	"errors"
 	"net/http"
 
+	"github.com/drone/drone/cmd/drone-server/config"
 	"github.com/drone/drone/core"
 
 	"github.com/prometheus/client_golang/prometheus/promhttp"
@@ -26,13 +27,15 @@ var errAccessDenied = errors.New("Access denied")
 type Server struct {
 	metrics http.Handler
 	session core.Session
+	config  config.Config
 }
 
 // NewServer returns a new metrics server.
-func NewServer(session core.Session) *Server {
+func NewServer(session core.Session, config config.Config) *Server {
 	return &Server{
 		metrics: promhttp.Handler(),
 		session: session,
+		config:  config,
 	}
 }
 
@@ -41,9 +44,9 @@ func NewServer(session core.Session) *Server {
 func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	user, _ := s.session.Get(r)
 	switch {
-	case user == nil:
+	case !s.config.Prometheus.EnableAnonymousAccess && user == nil:
 		http.Error(w, errInvalidToken.Error(), 401)
-	case !user.Admin && !user.Machine:
+	case !s.config.Prometheus.EnableAnonymousAccess && !user.Admin && !user.Machine:
 		http.Error(w, errAccessDenied.Error(), 403)
 	default:
 		s.metrics.ServeHTTP(w, r)

From 058187f1508f9e3356c5912a45c5564dd0c188d6 Mon Sep 17 00:00:00 2001
From: Jan Berktold <jan@berktold.co>
Date: Thu, 25 Apr 2019 00:22:55 +0200
Subject: [PATCH 2/5] Code review feedback

---
 cmd/drone-server/inject_server.go |  9 ++++++++-
 cmd/drone-server/wire_gen.go      |  3 +--
 metric/handler.go                 | 19 +++++++++----------
 metric/handler_test.go            | 23 ++++++++++++++++++++---
 4 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/cmd/drone-server/inject_server.go b/cmd/drone-server/inject_server.go
index da2fbee7c..3acd39420 100644
--- a/cmd/drone-server/inject_server.go
+++ b/cmd/drone-server/inject_server.go
@@ -18,6 +18,7 @@ import (
 	"net/http"
 
 	"github.com/drone/drone/cmd/drone-server/config"
+	"github.com/drone/drone/core"
 	"github.com/drone/drone/handler/api"
 	"github.com/drone/drone/handler/web"
 	"github.com/drone/drone/metric"
@@ -33,9 +34,9 @@ import (
 // wire set for loading the server.
 var serverSet = wire.NewSet(
 	manager.New,
-	metric.NewServer,
 	api.New,
 	web.New,
+	provideMetric,
 	provideRouter,
 	provideRPC,
 	provideServer,
@@ -53,6 +54,12 @@ func provideRouter(api api.Server, web web.Server, rpc http.Handler, metrics *me
 	return r
 }
 
+// provideMetric is a Wire provider function that returns the
+// metrics server exposing metrics in prometheus format.
+func provideMetric(session core.Session, config config.Config) *metric.Server {
+	return metric.NewServer(session, config.Prometheus.EnableAnonymousAccess)
+}
+
 // provideRPC is a Wire provider function that returns an rpc
 // handler that exposes the build manager to a remote agent.
 func provideRPC(m manager.BuildManager, config config.Config) http.Handler {
diff --git a/cmd/drone-server/wire_gen.go b/cmd/drone-server/wire_gen.go
index d8be47352..8608a5f97 100644
--- a/cmd/drone-server/wire_gen.go
+++ b/cmd/drone-server/wire_gen.go
@@ -10,7 +10,6 @@ import (
 	"github.com/drone/drone/handler/api"
 	"github.com/drone/drone/handler/web"
 	"github.com/drone/drone/livelog"
-	"github.com/drone/drone/metric"
 	"github.com/drone/drone/operator/manager"
 	"github.com/drone/drone/pubsub"
 	"github.com/drone/drone/service/commit"
@@ -93,7 +92,7 @@ func InitializeApplication(config2 config.Config) (application, error) {
 	options := provideServerOptions(config2)
 	webServer := web.New(admissionService, buildStore, client, hookParser, coreLicense, licenseService, middleware, repositoryStore, session, syncer, triggerer, userStore, userService, webhookSender, options, system)
 	handler := provideRPC(buildManager, config2)
-	metricServer := metric.NewServer(session, config2)
+	metricServer := provideMetrics(session, config2)
 	mux := provideRouter(server, webServer, handler, metricServer)
 	serverServer := provideServer(mux, config2)
 	mainApplication := newApplication(cronScheduler, datadog, runner, serverServer, userStore)
diff --git a/metric/handler.go b/metric/handler.go
index 19749f3c7..724e3b42e 100644
--- a/metric/handler.go
+++ b/metric/handler.go
@@ -10,7 +10,6 @@ import (
 	"errors"
 	"net/http"
 
-	"github.com/drone/drone/cmd/drone-server/config"
 	"github.com/drone/drone/core"
 
 	"github.com/prometheus/client_golang/prometheus/promhttp"
@@ -25,17 +24,17 @@ var errAccessDenied = errors.New("Access denied")
 
 // Server is an http Metrics server.
 type Server struct {
-	metrics http.Handler
-	session core.Session
-	config  config.Config
+	metrics   http.Handler
+	session   core.Session
+	anonymous bool
 }
 
 // NewServer returns a new metrics server.
-func NewServer(session core.Session, config config.Config) *Server {
+func NewServer(session core.Session, anonymous bool) *Server {
 	return &Server{
-		metrics: promhttp.Handler(),
-		session: session,
-		config:  config,
+		metrics:   promhttp.Handler(),
+		session:   session,
+		anonymous: anonymous,
 	}
 }
 
@@ -44,9 +43,9 @@ func NewServer(session core.Session, config config.Config) *Server {
 func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	user, _ := s.session.Get(r)
 	switch {
-	case !s.config.Prometheus.EnableAnonymousAccess && user == nil:
+	case !s.anonymous && user == nil:
 		http.Error(w, errInvalidToken.Error(), 401)
-	case !s.config.Prometheus.EnableAnonymousAccess && !user.Admin && !user.Machine:
+	case !s.anonymous && !user.Admin && !user.Machine:
 		http.Error(w, errAccessDenied.Error(), 403)
 	default:
 		s.metrics.ServeHTTP(w, r)
diff --git a/metric/handler_test.go b/metric/handler_test.go
index 27892aaf1..2931e135b 100644
--- a/metric/handler_test.go
+++ b/metric/handler_test.go
@@ -26,7 +26,7 @@ func TestHandleMetrics(t *testing.T) {
 	session := mock.NewMockSession(controller)
 	session.EXPECT().Get(r).Return(mockUser, nil)
 
-	NewServer(session).ServeHTTP(w, r)
+	NewServer(session, false).ServeHTTP(w, r)
 	if got, want := w.Code, 200; got != want {
 		t.Errorf("Want status code %d, got %d", want, got)
 	}
@@ -46,13 +46,30 @@ func TestHandleMetrics_NoSession(t *testing.T) {
 	session := mock.NewMockSession(controller)
 	session.EXPECT().Get(r).Return(nil, nil)
 
-	NewServer(session).ServeHTTP(w, r)
+	NewServer(session, false).ServeHTTP(w, r)
 
 	if got, want := w.Code, 401; got != want {
 		t.Errorf("Want status code %d, got %d", want, got)
 	}
 }
 
+func TestHandleMetrics_NoSessionButAnonymousAccessEnabled(t *testing.T) {
+	controller := gomock.NewController(t)
+	defer controller.Finish()
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest("GET", "/", nil)
+
+	session := mock.NewMockSession(controller)
+	session.EXPECT().Get(r).Return(nil, nil)
+
+	NewServer(session, true).ServeHTTP(w, r)
+
+	if got, want := w.Code, 200; got != want {
+		t.Errorf("Want status code %d, got %d", want, got)
+	}
+}
+
 func TestHandleMetrics_AccessDenied(t *testing.T) {
 	controller := gomock.NewController(t)
 	defer controller.Finish()
@@ -64,7 +81,7 @@ func TestHandleMetrics_AccessDenied(t *testing.T) {
 	session := mock.NewMockSession(controller)
 	session.EXPECT().Get(r).Return(mockUser, nil)
 
-	NewServer(session).ServeHTTP(w, r)
+	NewServer(session, false).ServeHTTP(w, r)
 	if got, want := w.Code, 403; got != want {
 		t.Errorf("Want status code %d, got %d", want, got)
 	}

From 78547a6a010f144046d2002ed638ae385f61c980 Mon Sep 17 00:00:00 2001
From: Jan Berktold <jan@berktold.co>
Date: Thu, 25 Apr 2019 00:33:00 +0200
Subject: [PATCH 3/5] Fixing wire_gen.go

---
 cmd/drone-server/wire_gen.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/drone-server/wire_gen.go b/cmd/drone-server/wire_gen.go
index 8608a5f97..5b473eb70 100644
--- a/cmd/drone-server/wire_gen.go
+++ b/cmd/drone-server/wire_gen.go
@@ -92,7 +92,7 @@ func InitializeApplication(config2 config.Config) (application, error) {
 	options := provideServerOptions(config2)
 	webServer := web.New(admissionService, buildStore, client, hookParser, coreLicense, licenseService, middleware, repositoryStore, session, syncer, triggerer, userStore, userService, webhookSender, options, system)
 	handler := provideRPC(buildManager, config2)
-	metricServer := provideMetrics(session, config2)
+	metricServer := provideMetric(session, config2)
 	mux := provideRouter(server, webServer, handler, metricServer)
 	serverServer := provideServer(mux, config2)
 	mainApplication := newApplication(cronScheduler, datadog, runner, serverServer, userStore)

From c34efc152a250eff6ca69b20c4d8df3a3b1f8a7b Mon Sep 17 00:00:00 2001
From: Thomas Boerger <thomas@webhippie.de>
Date: Fri, 26 Apr 2019 11:02:10 +0200
Subject: [PATCH 4/5] Use branch form value as fallback for last build

The current version of the Drone CLI is still using the branch form
value to filter the latest build information while the server is
listening only for the ref form value. With this fix we are falling back
to branch form value if it gets defined, formats it as a ref and hands
it to the further functions.
---
 CHANGELOG.md                       | 10 +++++++---
 handler/api/repos/builds/latest.go |  4 ++++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 338391307..ebe8ef9c6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,15 +11,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - endpoint to trigger new build for branch, by [@bradrydzewski](https://github.com/bradrydzewski). [#2679](https://github.com/drone/drone/issues/2679).
 - endpoint to trigger new build for branch and sha, by [@bradrydzewski](https://github.com/bradrydzewski). [#2679](https://github.com/drone/drone/issues/2679).
 - DRONE_PROMETHEUS_ANONYMOUS_ACCESS configuration option, by [@janberktold](https://github.com/janberktold)
-- 
+
+### Fixed
+
+- allow to filter last builds by branch, by [@tboerger](https://github.com/tboerger).
+
 ## [1.1.0] - 2019-04-23
 ### Added
 
 - specify a user for the pipeline step, by [@bradrydzewski](https://github.com/bradrydzewski). [#2651](https://github.com/drone/drone/issues/2651).
 - support for Gitea oauth2, by [@techknowlogick](https://github.com/techknowlogick). [#2622](https://github.com/drone/drone/pull/2622).
 - ping the docker daemon before starting the agent, by [@bradrydzewski](https://github.com/bradrydzewski). [#2495](https://github.com/drone/drone/issues/2495).
-- support for Cron job name in Yaml trigger block, by [@bradrydzewski](https://github.com/bradrydzewski). [#2628](https://github.com/drone/drone/issues/2628). 
-- support for Cron job name in Yaml when block, by [@bradrydzewski](https://github.com/bradrydzewski). [#2628](https://github.com/drone/drone/issues/2628). 
+- support for Cron job name in Yaml trigger block, by [@bradrydzewski](https://github.com/bradrydzewski). [#2628](https://github.com/drone/drone/issues/2628).
+- support for Cron job name in Yaml when block, by [@bradrydzewski](https://github.com/bradrydzewski). [#2628](https://github.com/drone/drone/issues/2628).
 - sqlite username column changed to case-insensitive, by [@bradrydzewski](https://github.com/bradrydzewski).
 - endpoint to purge repository from database, by [@bradrydzewski](https://github.com/bradrydzewski).
 - support for per-organization secrets, by [@bradrydzewski](https://github.com/bradrydzewski).
diff --git a/handler/api/repos/builds/latest.go b/handler/api/repos/builds/latest.go
index 886cbac1c..a15be1308 100644
--- a/handler/api/repos/builds/latest.go
+++ b/handler/api/repos/builds/latest.go
@@ -36,6 +36,7 @@ func HandleLast(
 			namespace = chi.URLParam(r, "owner")
 			name      = chi.URLParam(r, "name")
 			ref       = r.FormValue("ref")
+			branch    = r.FormValue("branch")
 		)
 		repo, err := repos.FindName(r.Context(), namespace, name)
 		if err != nil {
@@ -45,6 +46,9 @@ func HandleLast(
 		if ref == "" {
 			ref = fmt.Sprintf("refs/heads/%s", repo.Branch)
 		}
+		if branch != "" {
+			ref = fmt.Sprintf("refs/heads/%s", branch)
+		}
 		build, err := builds.FindRef(r.Context(), repo.ID, ref)
 		if err != nil {
 			render.NotFound(w, err)

From a093990d0b0fd65d442eda60612a0e32ce8ed533 Mon Sep 17 00:00:00 2001
From: Stefan Schwarz <ssz@bitsbeats.com>
Date: Tue, 14 May 2019 17:28:15 +0200
Subject: [PATCH 5/5] fix oss build

---
 metric/handler_oss.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/metric/handler_oss.go b/metric/handler_oss.go
index a20a4e695..253f3c289 100644
--- a/metric/handler_oss.go
+++ b/metric/handler_oss.go
@@ -27,7 +27,7 @@ type Server struct {
 }
 
 // NewServer returns a new metrics server.
-func NewServer(session core.Session) *Server {
+func NewServer(session core.Session, anonymous bool) *Server {
 	return new(Server)
 }