feat: bypass security for health checks and support HEAD downloads

- Allow the `/health` endpoint to bypass the security middleware, ensuring container health checks succeed even if the proxy IP is banned.
- Add a test to verify health checks from banned IPs.
- Register a HEAD route for file downloads.
- Refactor admin alert status checks to use a new `isUnacknowledgedAlert` helper.
- Update the security runbook documentation with clearer instructions and examples for trusted proxy configuration.
2026-05-23 19:07:11 +03:00
parent a2c80ac105
commit f0dcdd50ca
10 changed files with 250 additions and 11 deletions

@@ -103,6 +103,10 @@ func (app *App) createAlert(title string, severity string, group string, code st
func (app *App) securityMiddleware() gin.HandlerFunc {
return func(ctx *gin.Context) {
if ctx.Request != nil && ctx.Request.URL != nil && ctx.Request.URL.Path == "/health" {
ctx.Next()
return
}
if !app.securityFeaturesEnabled() {
ctx.Next()
return
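Review bot: the `/health` early return at the top of the handler matches on `ctx.Request.URL.Path` alone, for every HTTP method, and runs before the `securityFeaturesEnabled()` check, so any client, including a banned one, skips every check in this middleware on that path. Consider limiting the exemption to GET and HEAD, and comparing against the matched route with `ctx.FullPath()` rather than the raw request path so the exemption is tied to the registered health route. A short comment above the branch should also record why it exists (container health checks arriving from a banned proxy IP) and that the `/health` handler must therefore stay cheap and return no sensitive detail.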