Fix demo mode to allow authentication endpoints
Demo mode now permits login/logout and OIDC authentication endpoints while still blocking all modification requests. This allows demo instances to require authentication while remaining read-only. Authentication endpoints are read-only operations that verify credentials and issue session tokens without modifying any state. All POST/PUT/DELETE/PATCH operations remain blocked.
This commit is contained in:
parent
aea9586145
commit
a9d2209edd
1 changed files with 14 additions and 0 deletions
|
|
@ -32,6 +32,20 @@ func DemoModeMiddleware(cfg *config.Config, next http.Handler) http.Handler {
|
|||
return
|
||||
}
|
||||
|
||||
// Allow authentication endpoints (login is read-only - verifies credentials)
|
||||
authPaths := []string{
|
||||
"/api/login",
|
||||
"/api/oidc/login",
|
||||
"/api/oidc/callback",
|
||||
"/api/logout",
|
||||
}
|
||||
for _, path := range authPaths {
|
||||
if r.URL.Path == path {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Block all modification requests (POST, PUT, DELETE, PATCH)
|
||||
log.Warn().
|
||||
Str("method", r.Method).
|
||||
|
|
|
|||
Loading…
Reference in a new issue