diff options
| author | Peter Stone <thepeterstone@gmail.com> | 2026-07-05 09:22:27 +0000 |
|---|---|---|
| committer | Peter Stone <thepeterstone@gmail.com> | 2026-07-05 09:22:27 +0000 |
| commit | 1c88981cbb5a95ee84e2a61cf9eb2e547c37253b (patch) | |
| tree | 75e6e5e8703c3ffd5ca9b29176a26cddf0956889 /cmd/dashboard | |
| parent | 8ca820b05e9e699a7b563a2e37ff2a0629a5505a (diff) | |
| parent | 24a87b9e979abe6c2ba23421293dc0cd8cb6d65f (diff) | |
Merge deploy/master (gateway/proxy fixes) with doot-native task completion fix
Reconciles diverged histories: deploy/master had gateway proxy Host-header
and publicPaths fixes that were never synced back to local/github; this
branch had the native-task Tasks-tab/completion fix. Merging both.
Diffstat (limited to 'cmd/dashboard')
| -rw-r--r-- | cmd/dashboard/main.go | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go index 7e58125..fc26c06 100644 --- a/cmd/dashboard/main.go +++ b/cmd/dashboard/main.go @@ -169,7 +169,8 @@ func main() { name string upstream string prefix string - webhookPaths []string // POST paths that bypass session auth (e.g. HMAC-signed webhooks) + webhookPaths []string // POST-only paths that bypass session auth (e.g. HMAC-signed webhooks) + publicPaths []string // all-method paths that bypass session auth (protected by service-level bearer token) } mounts := []serviceMount{ { @@ -177,6 +178,7 @@ func main() { upstream: cfg.ClaudomatorURL, prefix: "/claudomator", webhookPaths: []string{"/claudomator/api/webhooks/github"}, + publicPaths: []string{"/claudomator/chatbot/mcp"}, }, } if cfg.PlaygroundURL != "" { @@ -281,6 +283,10 @@ func main() { for _, wp := range m.webhookPaths { r.Post(wp, proxy.ServeHTTP) } + // Public all-method paths bypass session auth (rely on service-level bearer token) + for _, pp := range m.publicPaths { + r.Handle(pp, http.HandlerFunc(proxy.ServeHTTP)) + } // All other routes require auth + origin check (CSRF protection for proxy) r.Group(func(r chi.Router) { |
