Skip to content

fix(server): exempt /global/health from auth middleware#12867

Closed
Mr-Neutr0n wants to merge 1 commit into
anomalyco:devfrom
Mr-Neutr0n:fix/health-check-auth-exempt
Closed

fix(server): exempt /global/health from auth middleware#12867
Mr-Neutr0n wants to merge 1 commit into
anomalyco:devfrom
Mr-Neutr0n:fix/health-check-auth-exempt

Conversation

@Mr-Neutr0n

@Mr-Neutr0n Mr-Neutr0n commented Feb 9, 2026

Copy link
Copy Markdown

Summary

  • When OPENCODE_SERVER_PASSWORD is set, the Basic Auth middleware was applied to all routes, including /global/health. Health check endpoints should be publicly accessible so monitoring tools and load balancers can verify the server is running without needing credentials.
  • Added a path check in the auth middleware to skip authentication for /global/health.

Fixes #12805

Test plan

  • Start server with OPENCODE_SERVER_PASSWORD set
  • Verify GET /global/health returns 200 without credentials
  • Verify other endpoints still require Basic Auth when OPENCODE_SERVER_PASSWORD is set
  • Verify all endpoints work normally when OPENCODE_SERVER_PASSWORD is not set

@Mr-Neutr0n
Exempt /global/health endpoint from Basic Auth middleware
fef3b4f 
When OPENCODE_SERVER_PASSWORD is set, the auth middleware was applied to
all routes including /global/health. Health check endpoints should be
accessible without authentication so that monitoring tools and load
balancers can verify the server is running.

Skip the basicAuth check when the request path is /global/health.

Fixes anomalyco#12805
@github-actions

github-actions Bot commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

Hey! Your PR title Exempt /global/health from auth middleware doesn't follow conventional commit format.

Please update it to start with one of:

  • feat: or feat(scope): new feature
  • fix: or fix(scope): bug fix
  • docs: or docs(scope): documentation changes
  • chore: or chore(scope): maintenance tasks
  • refactor: or refactor(scope): code refactoring
  • test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.

@github-actions

github-actions Bot commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

The following comment was made by an LLM, it may be inaccurate:

No duplicate PRs found

@Mr-Neutr0n Mr-Neutr0n changed the title Exempt /global/health from auth middleware fix(server): exempt /global/health from auth middleware Feb 10, 2026
@m2kar

m2kar commented Mar 20, 2026

Copy link
Copy Markdown

@Mr-Neutr0n Please fix to pass the tests🙏🙏🙏

@github-actions github-actions Bot mentioned this pull request Apr 24, 2026
Closed
@rekram1-node

rekram1-node commented May 15, 2026

Copy link
Copy Markdown
Collaborator

Automated PR Cleanup

Thank you for contributing to opencode.

Due to the high volume of PRs from users and AI agents, we periodically close older PRs using automated criteria so maintainers can focus review time on the most active and community-supported contributions.

This PR was closed because it matched the following cleanup criteria:

  • The PR was created more than 1 month ago
  • The PR had fewer than 2 positive reactions
  • Positive reactions are counted as thumbs-up, heart, celebration, or rocket reactions on the PR

PRs created within the last month are not affected by this cleanup.

If you believe this PR was closed incorrectly, or if you are still actively working on it, please leave a comment explaining why it should be reopened. A maintainer can review and reopen it if appropriate.

Thanks again for taking the time to contribute.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Health check password protected

3 participants

@Mr-Neutr0n @m2kar @rekram1-node