Enable AppEngine profiling endpoints.

appengine/gaemiddleware/auth.go

Index: appengine/gaemiddleware/auth.go
diff --git a/appengine/gaemiddleware/auth.go b/appengine/gaemiddleware/auth.go
new file mode 100644
index 0000000000000000000000000000000000000000..34a622df3bc5526f2d59aed278c82cfa7cb6b0bd
--- /dev/null
+++ b/appengine/gaemiddleware/auth.go
@@ -0,0 +1,33 @@
+// Copyright 2016 The LUCI Authors. All rights reserved.
+// Use of this source code is governed under the Apache License, Version 2.0
+// that can be found in the LICENSE file.
+
+package gaemiddleware
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/luci/luci-go/common/logging"
+	"github.com/luci/luci-go/server/auth"
+	"github.com/luci/luci-go/server/router"
+)
+
+// RequireSuperuser ensures that the request is from an authenticated AppEngine
+// super user, as defined by the AppEngine instance.
+//
+// It is recommended that auth.Autologin be installed prior to calling this so
+// that anonymous users have an opportunity to log in.
+func RequireSuperuser(c *router.Context, next router.Handler) {
+	cu := auth.CurrentUser(c.Context)
+	if !cu.Superuser {
+		c.Writer.WriteHeader(http.StatusForbidden)
+		logging.Fields{
+			"user": cu.Identity,
+		}.Errorf(c.Context, "request not made by super user")
+		fmt.Fprint(c.Writer, "error: only available to super user")
+		return
+	}
+
+	next(c)
+}