akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: require auth for geoip-status endpoint

Browse Source 
Remove /api/geoip-status from the middleware public routes allowlist so
unauthenticated requests are rejected before reaching the route handler.
The route handler already has requireUser() for defense-in-depth.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
fuomag9
2026-02-25 01:47:48 +01:00
parent 25e1f2acee
commit 98e5dbc898
1 changed files with 0 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
proxy.ts
-1
View File
@@ -18,7 +18,6 @@ export default auth((req) => {
pathname === "/login" || pathname === "/login" ||
pathname.startsWith("/api/auth") || pathname.startsWith("/api/auth") ||
pathname === "/api/health" || pathname === "/api/health" ||
pathname === "/api/geoip-status" ||
pathname === "/api/instances/sync" pathname === "/api/instances/sync"
) { ) {
return NextResponse.next(); return NextResponse.next();