From 29c18627548900c64e2df47513dc5678f4d24e55 Mon Sep 17 00:00:00 2001 From: matias-portainer <104775949+matias-portainer@users.noreply.github.com> Date: Fri, 7 Jul 2023 17:37:42 -0300 Subject: [PATCH] fix(api): add missing public access middleware to routes EE-5191 (#9086) --- api/http/handler/endpoints/handler.go | 4 ++-- api/http/handler/stacks/handler.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/api/http/handler/endpoints/handler.go b/api/http/handler/endpoints/handler.go index 5f7ead6c0..af0a3d608 100644 --- a/api/http/handler/endpoints/handler.go +++ b/api/http/handler/endpoints/handler.go @@ -76,10 +76,10 @@ func NewHandler(bouncer security.BouncerService, demoService *demo.Service) *Han h.Handle("/endpoints/{id}/registries/{registryId}", bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.endpointRegistryAccess))).Methods(http.MethodPut) - h.Handle("/endpoints/global-key", httperror.LoggerHandler(h.endpointCreateGlobalKey)).Methods(http.MethodPost) + h.Handle("/endpoints/global-key", bouncer.PublicAccess(httperror.LoggerHandler(h.endpointCreateGlobalKey))).Methods(http.MethodPost) // DEPRECATED - h.Handle("/endpoints/{id}/status", httperror.LoggerHandler(h.endpointStatusInspect)).Methods(http.MethodGet) + h.Handle("/endpoints/{id}/status", bouncer.PublicAccess(httperror.LoggerHandler(h.endpointStatusInspect))).Methods(http.MethodGet) return h } diff --git a/api/http/handler/stacks/handler.go b/api/http/handler/stacks/handler.go index 0f8edd43f..e333393e5 100644 --- a/api/http/handler/stacks/handler.go +++ b/api/http/handler/stacks/handler.go @@ -81,7 +81,7 @@ func NewHandler(bouncer security.BouncerService) *Handler { h.Handle("/stacks/{id}/stop", bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.stackStop))).Methods(http.MethodPost) h.Handle("/stacks/webhooks/{webhookID}", - httperror.LoggerHandler(h.webhookInvoke)).Methods(http.MethodPost) + bouncer.PublicAccess(httperror.LoggerHandler(h.webhookInvoke))).Methods(http.MethodPost) return h }