fix(mgmt): skip bearer authn for mgmt route (#1267)

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2026-06-16 04:17:55 +08:00 · 2023-03-16 21:02:59 +02:00
parent 150ee88945
commit 4d0bbf1e00
5 changed files with 269 additions and 85 deletions
@@ -55,7 +55,18 @@ func bearerAuthHandler(ctlr *Controller) mux.MiddlewareFunc {
 			}
 			vars := mux.Vars(request)
 			name := vars["name"]
+
+			// we want to bypass auth for mgmt route
+			isMgmtRequested := request.RequestURI == constants.FullMgmtPrefix
+
 			header := request.Header.Get("Authorization")
+
+			if (header == "" || header == "Basic Og==") && isMgmtRequested {
+				next.ServeHTTP(response, request)
+
+				return
+			}
+
 			action := auth.PullAction
 			if m := request.Method; m != http.MethodGet && m != http.MethodHead {
 				action = auth.PushAction