feat: bypass security for health checks and support HEAD downloads
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 2m30s
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 2m30s
- Allow the `/health` endpoint to bypass the security middleware, ensuring container health checks succeed even if the proxy IP is banned. - Add a test to verify health checks from banned IPs. - Register a HEAD route for file downloads. - Refactor admin alert status checks to use a new `isUnacknowledgedAlert` helper. - Update the security runbook documentation with clearer instructions and examples for trusted proxy configuration.
This commit is contained in:
@@ -287,7 +287,7 @@ func (app *App) buildAdminDashboardView() adminDashboardView {
|
||||
}
|
||||
|
||||
for _, alert := range alertsList {
|
||||
if alert.Status != alerts.StatusClosed {
|
||||
if isUnacknowledgedAlert(alert) {
|
||||
view.OpenAlerts++
|
||||
switch alert.Severity {
|
||||
case "high":
|
||||
@@ -474,10 +474,10 @@ func (app *App) handleAdminAlerts(ctx *gin.Context) {
|
||||
case "closed":
|
||||
closedCount++
|
||||
}
|
||||
if alert.Severity == "high" && string(alert.Status) != "closed" {
|
||||
if alert.Severity == "high" && isUnacknowledgedAlert(alert) {
|
||||
highCount++
|
||||
}
|
||||
if alert.Severity == "medium" && string(alert.Status) != "closed" {
|
||||
if alert.Severity == "medium" && isUnacknowledgedAlert(alert) {
|
||||
mediumCount++
|
||||
}
|
||||
}
|
||||
@@ -495,3 +495,7 @@ func (app *App) handleAdminAlerts(ctx *gin.Context) {
|
||||
"AlertChipLabel": adminAlertChipLabel(openCount),
|
||||
})
|
||||
}
|
||||
|
||||
func isUnacknowledgedAlert(alert alerts.Alert) bool {
|
||||
return alert.Status == "" || alert.Status == alerts.StatusOpen
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user