fix: do not require auth for readyz/healthz endpoints (#7403)

Signed-off-by: Ettore Di Giacinto <mudler@localai.io>
2026-01-05 01:59:53 -06:00 · 2025-12-01 10:35:28 +01:00
parent e3bcba5c45
commit 8a54ffa668
2 changed files with 15 additions and 15 deletions
--- a/core/config/application_config.go
+++ b/core/config/application_config.go
@@ -72,6 +72,8 @@ type ApplicationConfig struct {
 	DisableRuntimeSettings bool

 	AgentJobRetentionDays int // Default: 30 days
+
+	PathWithoutAuth []string
 }

 type AppOption func(*ApplicationConfig)
@@ -82,6 +84,15 @@ func NewApplicationConfig(o ...AppOption) *ApplicationConfig {
 		UploadLimitMB:         15,
 		Debug:                 true,
 		AgentJobRetentionDays: 30, // Default: 30 days
+		PathWithoutAuth: []string{
+			"/static/",
+			"/generated-audio/",
+			"/generated-images/",
+			"/generated-videos/",
+			"/favicon.svg",
+			"/readyz",
+			"/healthz",
+		},
 	}
 	for _, oo := range o {
 		oo(opt)
--- a/core/http/middleware/auth.go
+++ b/core/http/middleware/auth.go
@@ -156,21 +156,10 @@ func getApiKeyRequiredFilterFunction(applicationConfig *config.ApplicationConfig
 	return func(c echo.Context) bool {
 		path := c.Request().URL.Path

-		// Always skip authentication for static files
-		if strings.HasPrefix(path, "/static/") {
-			return true
-		}
-
-		// Always skip authentication for generated content
-		if strings.HasPrefix(path, "/generated-audio/") ||
-			strings.HasPrefix(path, "/generated-images/") ||
-			strings.HasPrefix(path, "/generated-videos/") {
-			return true
-		}
-
-		// Skip authentication for favicon
-		if path == "/favicon.svg" {
-			return true
+		for _, p := range applicationConfig.PathWithoutAuth {
+			if strings.HasPrefix(path, p) {
+				return true
+			}
 		}

 		// Handle GET request exemptions if enabled