feat: bypass security for health checks and support HEAD downloads
- Allow the `/health` endpoint to bypass the security middleware, ensuring container health checks succeed even if the proxy IP is banned. - Add a test to verify health checks from banned IPs. - Register a HEAD route for file downloads. - Refactor admin alert status checks to use a new `isUnacknowledgedAlert` helper. - Update the security runbook documentation with clearer instructions and examples for trusted proxy configuration.
@@ -16,6 +16,27 @@ import (
|
||||
"warpbox/lib/security"
|
||||
)
|
||||
|
||||
func TestSecurityMiddlewareAllowsHealthCheckFromBannedIP(t *testing.T) {
|
||||
app := &App{
|
||||
config: &config.Config{SecurityEnabled: true},
|
||||
securityGuard: security.NewGuard(),
|
||||
}
|
||||
app.securityGuard.Ban("172.30.0.1", 300)
|
||||
|
||||
router := gin.New()
|
||||
router.Use(app.securityMiddleware())
|
||||
router.GET("/health", app.handleHealth)
|
||||
|
||||
request := httptest.NewRequest(http.MethodGet, "/health", nil)
|
||||
request.RemoteAddr = "172.30.0.1:12345"
|
||||
response := httptest.NewRecorder()
|
||||
router.ServeHTTP(response, request)
|
||||
|
||||
if response.Code != http.StatusOK {
|
||||
t.Fatalf("expected health check to pass, got %d", response.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAdminSecurityActionsWriteAuditTrail(t *testing.T) {
|
||||
app, router := setupAdminSecurityTest(t)
|
||||
|
||||
|
||||
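Review bot: TestSecurityMiddlewareAllowsHealthCheckFromBannedIP asserts only that the banned address gets 200 on `/health`; nothing checks that the same address is still rejected on another route, so a bypass that matches too broadly (a prefix match, or a ban check skipped altogether) would pass this test just as well. The middleware change is not visible in this section, so this is a coverage gap rather than a confirmed defect. Add a control route behind the same middleware, send a request from the same banned address, and assert it is not served, as in the excerpt below; the rejection status is not shown on this page, so the excerpt only asserts that it is not 200. Because the bypass exempts `/health` from every guard check, it is also worth confirming that `handleHealth` returns nothing beyond a liveness signal.

```go
	router.GET("/health", app.handleHealth)
	// Control route (constructed for this test): the ban must still apply off /health.
	router.GET("/control", func(c *gin.Context) { c.String(http.StatusOK, "ok") })

	// … unchanged: GET /health request from 172.30.0.1 and its 200 assertion …

	blocked := httptest.NewRecorder()
	controlReq := httptest.NewRequest(http.MethodGet, "/control", nil)
	controlReq.RemoteAddr = "172.30.0.1:12345"
	router.ServeHTTP(blocked, controlReq)
	if blocked.Code == http.StatusOK {
		t.Fatalf("expected banned IP to be rejected outside /health, got %d", blocked.Code)
	}
```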