Always allow requests to /v1/keeper/system/health and /v1/keeper/system/ready in MachineAuthFilter.

byteduck-exploit · byteduck-exploit · commit ed2e380aed58 · 2025-07-25T10:31:25.000+02:00
diff --git a/src/main/kotlin/org/exploit/keeper/filter/MachineAuthFilter.kt b/src/main/kotlin/org/exploit/keeper/filter/MachineAuthFilter.kt
@@ -18,6 +18,11 @@ class MachineAuthFilter(
     private val config: KeeperConfig,
     private val authenticator: RequestAuthenticator
 ): ContainerRequestFilter {
+    private val publicPaths = listOf(
+        "/v1/keeper/system/health",
+        "/v1/keeper/system/ready"
+    )
+
     private val matchers = listOf(
         AntPathMatcher.of("/v1/keeper/sign/**"),
         AntPathMatcher.of("/v1/keeper/publicKey/**"),
@@ -28,6 +33,9 @@ class MachineAuthFilter(
     override fun filter(ctx: ContainerRequestContext) {
         val path = ctx.uriInfo.requestUri.getPath()
 
+        if (path in publicPaths)
+            return
+
         if (matchers.none { it.matches(path) })
             return
 
