fix: allow health checks in security config and enterprise filter

2025-12-30 20:06:30 +01:00 · 2025-12-16 00:10:29 +05:30 · 2025-12-16 00:10:29 +05:30 · 27068593d6
commit 27068593d6
parent 5f72c05623
2 changed files with 25 additions and 9 deletions
--- a/app/common/src/main/java/stirling/software/common/util/RequestUriUtils.java
+++ b/app/common/src/main/java/stirling/software/common/util/RequestUriUtils.java
@ -38,12 +38,12 @@ public class RequestUriUtils {
        }

        // Specific static files bundled with the frontend
-        if (normalizedUri.equals("/robots.txt")
-                || normalizedUri.equals("/favicon.ico")
-                || normalizedUri.equals("/manifest.json")
-                || normalizedUri.equals("/site.webmanifest")
-                || normalizedUri.equals("/manifest-classic.json")
-                || normalizedUri.equals("/index.html")) {
+        if ("/robots.txt".equals(normalizedUri)
+                || "/favicon.ico".equals(normalizedUri)
+                || "/manifest.json".equals(normalizedUri)
+                || "/site.webmanifest".equals(normalizedUri)
+                || "/manifest-classic.json".equals(normalizedUri)
+                || "/index.html".equals(normalizedUri)) {
            return true;
        }

@ -168,7 +168,13 @@ public class RequestUriUtils {
                        "/api/v1/ui-data/footer-info") // Public footer configuration
                || trimmedUri.startsWith("/api/v1/invite/validate")
                || trimmedUri.startsWith("/api/v1/invite/accept")
-                || trimmedUri.startsWith("/v1/api-docs");
+                || trimmedUri.startsWith("/v1/api-docs")
+                // Health Endoints
+                || trimmedUri.startsWith("/actuator/health")
+                || trimmedUri.startsWith("/health")
+                || trimmedUri.startsWith("/healthz")
+                || trimmedUri.startsWith("/liveness")
+                || trimmedUri.startsWith("/readiness");
    }

    private static String stripContextPath(String contextPath, String requestURI) {
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/EnterpriseEndpointFilter.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/EnterpriseEndpointFilter.java
@ -26,8 +26,18 @@ public class EnterpriseEndpointFilter extends OncePerRequestFilter {
            throws ServletException, IOException {

        if (!runningProOrHigher && isPrometheusEndpointRequest(request)) {
-            response.setStatus(HttpStatus.NOT_FOUND.value());
-            return;
+            // Allow only health checks to pass through for non-pro users
+            String uri = request.getRequestURI();
+            boolean isHealthCheck =
+                    uri.contains("/actuator/health")
+                            || uri.contains("/healthz")
+                            || uri.contains("/liveness")
+                            || uri.contains("/readiness");
+
+            if (!isHealthCheck) {
+                response.setStatus(HttpStatus.NOT_FOUND.value());
+                return;
+            }
        }
        filterChain.doFilter(request, response);
    }