summaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
authorPeter Stone <thepeterstone@gmail.com>2026-07-05 09:22:27 +0000
committerPeter Stone <thepeterstone@gmail.com>2026-07-05 09:22:27 +0000
commit1c88981cbb5a95ee84e2a61cf9eb2e547c37253b (patch)
tree75e6e5e8703c3ffd5ca9b29176a26cddf0956889 /cmd
parent8ca820b05e9e699a7b563a2e37ff2a0629a5505a (diff)
parent24a87b9e979abe6c2ba23421293dc0cd8cb6d65f (diff)
Merge deploy/master (gateway/proxy fixes) with doot-native task completion fix
Reconciles diverged histories: deploy/master had gateway proxy Host-header and publicPaths fixes that were never synced back to local/github; this branch had the native-task Tasks-tab/completion fix. Merging both.
Diffstat (limited to 'cmd')
-rw-r--r--cmd/dashboard/main.go8
1 files changed, 7 insertions, 1 deletions
diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go
index 7e58125..fc26c06 100644
--- a/cmd/dashboard/main.go
+++ b/cmd/dashboard/main.go
@@ -169,7 +169,8 @@ func main() {
name string
upstream string
prefix string
- webhookPaths []string // POST paths that bypass session auth (e.g. HMAC-signed webhooks)
+ webhookPaths []string // POST-only paths that bypass session auth (e.g. HMAC-signed webhooks)
+ publicPaths []string // all-method paths that bypass session auth (protected by service-level bearer token)
}
mounts := []serviceMount{
{
@@ -177,6 +178,7 @@ func main() {
upstream: cfg.ClaudomatorURL,
prefix: "/claudomator",
webhookPaths: []string{"/claudomator/api/webhooks/github"},
+ publicPaths: []string{"/claudomator/chatbot/mcp"},
},
}
if cfg.PlaygroundURL != "" {
@@ -281,6 +283,10 @@ func main() {
for _, wp := range m.webhookPaths {
r.Post(wp, proxy.ServeHTTP)
}
+ // Public all-method paths bypass session auth (rely on service-level bearer token)
+ for _, pp := range m.publicPaths {
+ r.Handle(pp, http.HandlerFunc(proxy.ServeHTTP))
+ }
// All other routes require auth + origin check (CSRF protection for proxy)
r.Group(func(r chi.Router) {