This is an automated email from the ASF dual-hosted git repository.

klesh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/devlake.git


The following commit(s) were added to refs/heads/main by this push:
     new 48e71f50a fix(server): remove auth from proceed-db-migration endpoint 
(#8930)
48e71f50a is described below

commit 48e71f50a268504ce1b0267c72f974718015b609
Author: Joshua Smith <[email protected]>
AuthorDate: Thu Jun 18 20:34:17 2026 -0600

    fix(server): remove auth from proceed-db-migration endpoint (#8930)
    
    * fix(server): remove auth from proceed-db-migration endpoint
    
      * Auth tables may not exist when migration is pending, causing a 
bootstrap deadlock
      * Restores pre-auth-hardening behavior for the idempotent migration 
endpoint
    
    Signed-off-by: Joshua Smith <[email protected]>
    
    * fix(server): add proceed-db-migration to publicPaths
    
    Signed-off-by: Joshua Smith <[email protected]>
    
    ---------
    
    Signed-off-by: Joshua Smith <[email protected]>
---
 backend/server/api/api.go             |  5 +++--
 backend/server/api/auth/middleware.go | 19 ++++++++++---------
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/backend/server/api/api.go b/backend/server/api/api.go
index 82f80ff30..b0dfd74dd 100644
--- a/backend/server/api/api.go
+++ b/backend/server/api/api.go
@@ -127,8 +127,9 @@ func SetupApiServer(router *gin.Engine) {
        router.UseRawPath = true
        // router.UnescapePathValues = false
 
-       // Endpoint to proceed database migration (now requires authentication)
-       router.GET("/proceed-db-migration", auth.RequireAuth(), func(ctx 
*gin.Context) {
+       // Endpoint to proceed database migration — listed in auth.publicPaths 
because
+       // auth tables may not exist yet when migration is pending.
+       router.GET("/proceed-db-migration", func(ctx *gin.Context) {
                // Execute database migration
                errors.Must(services.ExecuteMigration())
                // Return success response
diff --git a/backend/server/api/auth/middleware.go 
b/backend/server/api/auth/middleware.go
index b668de032..231f4d546 100644
--- a/backend/server/api/auth/middleware.go
+++ b/backend/server/api/auth/middleware.go
@@ -34,15 +34,16 @@ import (
 // and clear its session even when the cookie has lapsed; both handlers
 // short-circuit gracefully when no user is set.
 var publicPaths = map[string]struct{}{
-       "/ping":      {},
-       "/ready":     {},
-       "/health":    {},
-       "/version":   {},
-       PathMethods:  {},
-       PathLogin:    {},
-       PathCallback: {},
-       PathLogout:   {},
-       PathUserInfo: {},
+       "/ping":                 {},
+       "/ready":                {},
+       "/health":               {},
+       "/version":              {},
+       "/proceed-db-migration": {},
+       PathMethods:             {},
+       PathLogin:               {},
+       PathCallback:            {},
+       PathLogout:              {},
+       PathUserInfo:            {},
 }
 
 func OIDCAuthentication() gin.HandlerFunc { return 
defaultService.OIDCAuthentication() }

Reply via email to