This is an automated email from the ASF dual-hosted git repository.
klesh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/devlake.git
The following commit(s) were added to refs/heads/main by this push:
new 48e71f50a fix(server): remove auth from proceed-db-migration endpoint
(#8930)
48e71f50a is described below
commit 48e71f50a268504ce1b0267c72f974718015b609
Author: Joshua Smith <[email protected]>
AuthorDate: Thu Jun 18 20:34:17 2026 -0600
fix(server): remove auth from proceed-db-migration endpoint (#8930)
* fix(server): remove auth from proceed-db-migration endpoint
* Auth tables may not exist when migration is pending, causing a
bootstrap deadlock
* Restores pre-auth-hardening behavior for the idempotent migration
endpoint
Signed-off-by: Joshua Smith <[email protected]>
* fix(server): add proceed-db-migration to publicPaths
Signed-off-by: Joshua Smith <[email protected]>
---------
Signed-off-by: Joshua Smith <[email protected]>
---
backend/server/api/api.go | 5 +++--
backend/server/api/auth/middleware.go | 19 ++++++++++---------
2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/backend/server/api/api.go b/backend/server/api/api.go
index 82f80ff30..b0dfd74dd 100644
--- a/backend/server/api/api.go
+++ b/backend/server/api/api.go
@@ -127,8 +127,9 @@ func SetupApiServer(router *gin.Engine) {
router.UseRawPath = true
// router.UnescapePathValues = false
- // Endpoint to proceed database migration (now requires authentication)
- router.GET("/proceed-db-migration", auth.RequireAuth(), func(ctx
*gin.Context) {
+ // Endpoint to proceed database migration — listed in auth.publicPaths
because
+ // auth tables may not exist yet when migration is pending.
+ router.GET("/proceed-db-migration", func(ctx *gin.Context) {
// Execute database migration
errors.Must(services.ExecuteMigration())
// Return success response
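Review bot: With `auth.RequireAuth()` dropped, the `router.GET("/proceed-db-migration", ...)` handler runs `services.ExecuteMigration()` for any client that can reach the server, and it does so on a GET, which browsers and prefetchers issue without user intent. The bootstrap case in the commit message only needs this while a migration is actually pending, so the handler should check that state first and return without executing (or require auth again) once nothing is pending. I would also state the exposure in the comment, e.g. `// Unauthenticated by design: must only act while a migration is pending; restrict network access to this route.` `errors.Must` presumably panics on failure, so confirm the recovery middleware does not return migration error detail to unauthenticated callers. The handler body continues outside the hunk.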
diff --git a/backend/server/api/auth/middleware.go
b/backend/server/api/auth/middleware.go
index b668de032..231f4d546 100644
--- a/backend/server/api/auth/middleware.go
+++ b/backend/server/api/auth/middleware.go
@@ -34,15 +34,16 @@ import (
// and clear its session even when the cookie has lapsed; both handlers
// short-circuit gracefully when no user is set.
var publicPaths = map[string]struct{}{
- "/ping": {},
- "/ready": {},
- "/health": {},
- "/version": {},
- PathMethods: {},
- PathLogin: {},
- PathCallback: {},
- PathLogout: {},
- PathUserInfo: {},
+ "/ping": {},
+ "/ready": {},
+ "/health": {},
+ "/version": {},
+ "/proceed-db-migration": {},
+ PathMethods: {},
+ PathLogin: {},
+ PathCallback: {},
+ PathLogout: {},
+ PathUserInfo: {},
}
func OIDCAuthentication() gin.HandlerFunc { return
defaultService.OIDCAuthentication() }
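Review bot: The new `"/proceed-db-migration"` key in `publicPaths` is a second copy of the route string registered in api.go, so a later rename of either one silently changes whether the endpoint is authenticated. The neighbouring entries use `Path*` constants; a shared constant used in both files (for example a new `PathProceedDBMigration`, a name proposed here) would keep them in step. Unlike the probe and login entries around it, this one triggers a database migration, so it deserves its own comment in the map, e.g. `// state-changing: public only so a pending migration can run before auth tables exist`. How the middleware matches request paths against this map is outside the hunk, so confirm it is an exact match given `router.UseRawPath = true` in api.go.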