
Commit ec92054

committed
fix(plugins): resolve gateway auth against active http route registry
1 parent 78a4d12 commit ec92054


2 files changed

+32
-1
lines changed


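--- a/src/gateway/server/plugins-http.test.ts
+++ b/src/gateway/server/plugins-http.test.ts
@@ -461,4 +461,31 @@ describe("plugin HTTP route auth checks", () => {
 });
 expect(shouldEnforceGatewayAuthForPluginPath(registry, "/plugin/secure/report")).toBe(true);
 });
+
+it("prefers the active route registry for auth checks when the explicit registry is stale", () => {
+const startupRegistry = createTestRegistry();
+const staleExplicitRegistry = createTestRegistry({
+httpRoutes: [createRoute({ path: "/plugins/diffs", auth: "plugin" })],
+});
+
+setActivePluginRegistry(createTestRegistry());
+pinActivePluginHttpRouteRegistry(startupRegistry);
+
+const unregister = registerPluginHttpRoute({
+path: "/bluebubbles-webhook",
+auth: "gateway",
+handler: () => true,
+});
+
+try {
+expect(
+shouldEnforceGatewayAuthForPluginPath(staleExplicitRegistry, "/bluebubbles-webhook"),
+).toBe(true);
+expect(shouldEnforceGatewayAuthForPluginPath(staleExplicitRegistry, "/plugins/diffs")).toBe(
+false,
+);
+} finally {
+unregister();
+}
+});
 });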
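Review bot: The second assertion (`/plugins/diffs` expecting `false`) does not show that the stale registry is ignored, because that route is created with `auth: "plugin"` and would presumably yield `false` whichever registry is consulted. Creating the stale route with `auth: "gateway"` instead would pin the intended result for a gateway-protected route that exists only in the explicit registry, which is the security-relevant case for this change. The `finally` block undoes only `registerPluginHttpRoute`; the `setActivePluginRegistry` and `pinActivePluginHttpRouteRegistry` calls are not reverted here, so unless teardown outside this hunk resets them, later tests in the `describe` block may run against the pinned registry.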

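--- a/src/gateway/server/plugins-http/route-auth.ts
+++ b/src/gateway/server/plugins-http/route-auth.ts
@@ -1,4 +1,5 @@
 import type { PluginRegistry } from "../../../plugins/registry.js";
+import { resolveActivePluginHttpRouteRegistry } from "../../../plugins/runtime.js";
 import {
 isProtectedPluginRoutePathFromContext,
 resolvePluginRoutePathContext,
@@ -26,5 +27,8 @@ export function shouldEnforceGatewayAuthForPluginPath(
 if (isProtectedPluginRoutePathFromContext(pathContext)) {
 return true;
 }
-return matchedPluginRoutesRequireGatewayAuth(findMatchingPluginHttpRoutes(registry, pathContext));
+const activeRegistry = resolveActivePluginHttpRouteRegistry(registry);
+return matchedPluginRoutesRequireGatewayAuth(
+findMatchingPluginHttpRoutes(activeRegistry, pathContext),
+);
 }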
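Review bot: The final `return` now decides gateway auth only from `activeRegistry`, so a route that requires gateway auth but exists only in the `registry` argument no longer triggers enforcement. That is safe only if request dispatch resolves routes through the same `resolveActivePluginHttpRouteRegistry` result, which is not visible in this hunk; if the dispatcher can still serve from the passed registry, the check fails open for that route. I would state the invariant above the new line, e.g. `// Must resolve the same registry the HTTP dispatcher serves from; a mismatch would skip gateway auth for a protected route.`, or fail closed by also checking `registry` when it differs from `activeRegistry`. The function's signature and the start of its body are outside the hunk.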
