Enable AppEngine profiling endpoints.

appengine/gaemiddleware/auth.go

+// Copyright 2016 The LUCI Authors. All rights reserved.
+// Use of this source code is governed under the Apache License, Version 2.0
+// that can be found in the LICENSE file.
+
+package gaemiddleware
+
+import (
+        "fmt"
+        "net/http"
+
+        "github.com/luci/luci-go/common/logging"
+        "github.com/luci/luci-go/server/auth"
+        "github.com/luci/luci-go/server/router"
+)
+
+// RequireSuperuser ensures that the request is from an authenticated AppEngine
+// super user, as defined by the AppEngine instance.
+//
+// It is recommended that auth.Autologin be installed prior to calling this so
+// that anonymous users have an opportunity to log in.
+func RequireSuperuser(c *router.Context, next router.Handler) {
+        cu := auth.CurrentUser(c.Context)
+        if !cu.Superuser {
+                c.Writer.WriteHeader(http.StatusForbidden)
+                logging.Fields{
+                        "user": cu.Identity,
+                }.Errorf(c.Context, "request not made by super user")
+                fmt.Fprint(c.Writer, "error: only available to super user")
+                return
+        }
+
+        next(c)
+}