rms/VictoriaMetrics
1
0
Fork 0
mirror of https://github.com/VictoriaMetrics/VictoriaMetrics.git synced 2026-06-14 06:13:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

lib/httpserver: properly check basic authorization

Browse Source 
Commit 68791f9ccc21548d27f1cf04d0b3270be4146b82 introduced regression.
It performed basicAuth check before built-in routes. It made impossible
to bypass basic authorization with `authKey` param.

This commit fixeds that issue and removes unneeded check. It also adds
integration tests for this case.

 Related issue:
https://github.com/VictoriaMetrics/VictoriaMetrics/issues/7345

---------

Signed-off-by: f41gh7 <nik@victoriametrics.com>
This commit is contained in:
Nikolay
2025-02-17 15:52:22 +01:00
committed by GitHub
parent a91109fc97
commit 12c39b660d
3 changed files with 122 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/httpserver/httpserver.go
View File

@@ -386,9 +386,6 @@ func handlerWrapper(w http.ResponseWriter, r *http.Request, rh RequestHandler) {
}
func builtinRoutesHandler(s *server, r *http.Request, w http.ResponseWriter, rh RequestHandler) bool {
if !isProtectedByAuthFlag(r.URL.Path) && !CheckBasicAuth(w, r) {
return true
}
h := w.Header()