Merge pull request ducktors#103 from adriantr/conf-unprotected-health…

…-route feat: unprotected health route
WANZARGEN · Mar 21, 2023 · df6115c · df6115c
2 parents 27484a3 + 05742bd
commit df6115c
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 15 deletions.
diff --git a/src/plugins/remote-cache/index.ts b/src/plugins/remote-cache/index.ts
@@ -28,20 +28,6 @@ async function turboRemoteCache(
     },
   )
 
-  const tokens = new Set<string>(allowedTokens)
-  instance.addHook('onRequest', async function (request) {
-    let authHeader = request.headers['authorization']
-    authHeader = Array.isArray(authHeader) ? authHeader.join() : authHeader
-
-    if (!authHeader) {
-      throw badRequest(`Missing Authorization header`)
-    }
-    const [, token] = authHeader.split('Bearer ')
-    if (!tokens.has(token)) {
-      throw unauthorized(`Invalid authorization token`)
-    }
-  })
-
   instance.decorate(
     'location',
     createLocation(provider, {
@@ -60,10 +46,31 @@ async function turboRemoteCache(
 
   await instance.register(
     async function (i) {
+      const tokens = new Set<string>(allowedTokens)
+
+      i.addHook('onRequest', async function (request) {
+        let authHeader = request.headers['authorization']
+        authHeader = Array.isArray(authHeader) ? authHeader.join() : authHeader
+
+        if (!authHeader) {
+          throw badRequest(`Missing Authorization header`)
+        }
+        const [, token] = authHeader.split('Bearer ')
+        if (!tokens.has(token)) {
+          throw unauthorized(`Invalid authorization token`)
+        }
+      })
+
       i.route(getArtifact)
       i.route(headArtifact)
       i.route(putArtifact)
       i.route(artifactsEvents)
+    },
+    { prefix: `/${apiVersion}` },
+  )
+
+  await instance.register(
+    async i => {
       i.route(getStatus)
     },
     { prefix: `/${apiVersion}` },

diff --git a/test/local.ts b/test/local.ts
@@ -153,7 +153,7 @@ test(`local'`, async t => {
     t2.equal(response.statusCode, 200)
     t2.same(response.json(), {})
   })
-  t.test('should return 200 when GET artifacts/status is called', async t2 => {
+  t.test('should return 200 when GET artifacts/status is calle with auth header', async t2 => {
     t2.plan(2)
     const response = await app.inject({
       method: 'GET',
@@ -165,4 +165,13 @@ test(`local'`, async t => {
     t2.equal(response.statusCode, 200)
     t2.same(response.json(), { status: 'enabled' })
   })
+  t.test('should return 200 when GET artifacts/status is calle without auth header', async t2 => {
+    t2.plan(2)
+    const response = await app.inject({
+      method: 'GET',
+      url: `/v8/artifacts/status`,
+    })
+    t2.equal(response.statusCode, 200)
+    t2.same(response.json(), { status: 'enabled' })
+  })
 })