lib/httpserver: allow reloadAuthKey and configAuthKey to override htt… (#6338)

…pAuth.* address https://github.com/VictoriaMetrics/VictoriaMetrics/issues/6329, makes `reloadAuthKey`, `configAuthKey`, `flagsAuthKey`, `pprofAuthKey` behavior the same way, but keys like `-snapshotAuthKey`, `-forceMergeAuthKey` are still protected by httpAuth.*. All the available key are listed in https://docs.victoriametrics.com/single-server-victoriametrics/#security. --------- Signed-off-by: hagen1778 <roman@victoriametrics.com> Co-authored-by: hagen1778 <roman@victoriametrics.com> (cherry picked from commit 61dce6f2a1) Signed-off-by: hagen1778 <roman@victoriametrics.com>
2026-05-22 11:16:35 +03:00 · 2024-06-10 12:09:47 +02:00
parent 6fd314d8ba
commit 028a80613f
10 changed files with 25 additions and 12 deletions
--- a/lib/httpserver/httpserver.go
+++ b/lib/httpserver/httpserver.go
@@ -396,6 +396,18 @@ func handlerWrapper(s *server, w http.ResponseWriter, r *http.Request, rh Reques
 		// See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4128
 		fmt.Fprintf(w, "User-agent: *\nDisallow: /\n")
 		return
+	case "/config", "/-/reload":
+		// only some components (vmagent, vmalert, etc.) support these handlers
+		// these components are responsible for CheckAuthFlag call
+		// see https://github.com/VictoriaMetrics/VictoriaMetrics/issues/6329
+		w = &responseWriterWithAbort{
+			ResponseWriter: w,
+		}
+		if !rh(w, r) {
+			Errorf(w, r, "unsupported path requested: %q", r.URL.Path)
+			unsupportedRequestErrors.Inc()
+		}
+		return
 	default:
 		if strings.HasPrefix(r.URL.Path, "/debug/pprof/") {
 			pprofRequests.Inc()