This is an automated email from the ASF dual-hosted git repository.
Startrekzky pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake.git
The following commit(s) were added to refs/heads/main by this push:
new ad202276a feat: require authentication for /proceed-db-migration
endpoint if auth was enabled (#8893)
ad202276a is described below
commit ad202276ab04c5b545fb0c5515c667b8d97ca61a
Author: Klesh Wong <[email protected]>
AuthorDate: Sat May 30 19:34:08 2026 +0800
feat: require authentication for /proceed-db-migration endpoint if auth was
enabled (#8893)
* feat: require authentication for /proceed-db-migration endpoint if auth
was enabled
* fix: linting
* fix: disable codespell due to it is blocked by asf runner
---------
Co-authored-by: Klesh Wong <[email protected]>
---
...espell.yml => codespell.yml.action-blocked-by-asf} | 0
backend/server/api/api.go | 4 ++--
backend/server/api/auth/middleware.go | 19 +++++++++----------
backend/test/helper/client.go | 1 +
4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/codespell.yml
b/.github/workflows/codespell.yml.action-blocked-by-asf
similarity index 100%
rename from .github/workflows/codespell.yml
rename to .github/workflows/codespell.yml.action-blocked-by-asf
diff --git a/backend/server/api/api.go b/backend/server/api/api.go
index cd66b765a..82f80ff30 100644
--- a/backend/server/api/api.go
+++ b/backend/server/api/api.go
@@ -127,8 +127,8 @@ func SetupApiServer(router *gin.Engine) {
router.UseRawPath = true
// router.UnescapePathValues = false
- // Endpoint to proceed database migration
- router.GET("/proceed-db-migration", func(ctx *gin.Context) {
+ // Endpoint to proceed database migration (now requires authentication)
+ router.GET("/proceed-db-migration", auth.RequireAuth(), func(ctx
*gin.Context) {
// Execute database migration
errors.Must(services.ExecuteMigration())
// Return success response
diff --git a/backend/server/api/auth/middleware.go
b/backend/server/api/auth/middleware.go
index 231f4d546..b668de032 100644
--- a/backend/server/api/auth/middleware.go
+++ b/backend/server/api/auth/middleware.go
@@ -34,16 +34,15 @@ import (
// and clear its session even when the cookie has lapsed; both handlers
// short-circuit gracefully when no user is set.
var publicPaths = map[string]struct{}{
- "/ping": {},
- "/ready": {},
- "/health": {},
- "/version": {},
- "/proceed-db-migration": {},
- PathMethods: {},
- PathLogin: {},
- PathCallback: {},
- PathLogout: {},
- PathUserInfo: {},
+ "/ping": {},
+ "/ready": {},
+ "/health": {},
+ "/version": {},
+ PathMethods: {},
+ PathLogin: {},
+ PathCallback: {},
+ PathLogout: {},
+ PathUserInfo: {},
}
func OIDCAuthentication() gin.HandlerFunc { return
defaultService.OIDCAuthentication() }
diff --git a/backend/test/helper/client.go b/backend/test/helper/client.go
index c3855f589..8e39d6f5b 100644
--- a/backend/test/helper/client.go
+++ b/backend/test/helper/client.go
@@ -180,6 +180,7 @@ func ConnectLocalServer(t *testing.T, clientConfig
*LocalClientConfig) *DevlakeC
api.CreateAndRunApiServer()
})
}()
+ // NOTE: /proceed-db-migration now requires authentication. If
AUTH_ENABLED=true, this test must provide credentials.
req, err2 := http.NewRequest(http.MethodGet,
fmt.Sprintf("%s/proceed-db-migration", addr), nil)
require.NoError(t, err2)
d.forceSendHttpRequest(100, req, func(err errors.Error) bool {