From f06602163622f777420218f517d50f7d2658a7e3 Mon Sep 17 00:00:00 2001
From: Ettore Di Giacinto <mudler@localai.io>
Date: Mon, 1 Dec 2025 09:11:22 +0100
Subject: [PATCH] fix: do not require auth for readyz/healthz endpoints

Signed-off-by: Ettore Di Giacinto <mudler@localai.io>
---
 core/config/application_config.go | 11 +++++++++++
 core/http/middleware/auth.go      | 19 ++++---------------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/core/config/application_config.go b/core/config/application_config.go
index 6f94a04a496b..4d770179b1f3 100644
--- a/core/config/application_config.go
+++ b/core/config/application_config.go
@@ -72,6 +72,8 @@ type ApplicationConfig struct {
 	DisableRuntimeSettings bool
 
 	AgentJobRetentionDays int // Default: 30 days
+
+	PathWithoutAuth []string
 }
 
 type AppOption func(*ApplicationConfig)
@@ -82,6 +84,15 @@ func NewApplicationConfig(o ...AppOption) *ApplicationConfig {
 		UploadLimitMB:         15,
 		Debug:                 true,
 		AgentJobRetentionDays: 30, // Default: 30 days
+		PathWithoutAuth: []string{
+			"/static/",
+			"/generated-audio/",
+			"/generated-images/",
+			"/generated-videos/",
+			"/favicon.svg",
+			"/readyz",
+			"/healthz",
+		},
 	}
 	for _, oo := range o {
 		oo(opt)
diff --git a/core/http/middleware/auth.go b/core/http/middleware/auth.go
index 2538b795e992..4dde8f73260a 100644
--- a/core/http/middleware/auth.go
+++ b/core/http/middleware/auth.go
@@ -156,21 +156,10 @@ func getApiKeyRequiredFilterFunction(applicationConfig *config.ApplicationConfig
 	return func(c echo.Context) bool {
 		path := c.Request().URL.Path
 
-		// Always skip authentication for static files
-		if strings.HasPrefix(path, "/static/") {
-			return true
-		}
-
-		// Always skip authentication for generated content
-		if strings.HasPrefix(path, "/generated-audio/") ||
-			strings.HasPrefix(path, "/generated-images/") ||
-			strings.HasPrefix(path, "/generated-videos/") {
-			return true
-		}
-
-		// Skip authentication for favicon
-		if path == "/favicon.svg" {
-			return true
+		for _, p := range applicationConfig.PathWithoutAuth {
+			if strings.HasPrefix(path, p) {
+				return true
+			}
 		}
 
 		// Handle GET request exemptions if enabled