Enable authentication middleware for API routes

- Uncomment and activate AuthMiddleware in router configuration
- Add conditional skip for ping endpoint in authentication middleware
- Restore authentication checks for both release and debug modes

api/router.go

@@ -7,8 +7,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
 	"gitlab.com/tensorsecurity-rd/waf-console/internal/config"
-
-	//"gitlab.com/tensorsecurity-rd/waf-console/internal/middleware"
+	"gitlab.com/tensorsecurity-rd/waf-console/internal/middleware"
 	"gitlab.com/tensorsecurity-rd/waf-console/internal/utils"
 	"gorm.io/gorm"
 )
@@ -21,7 +20,7 @@ func SetRouters(db *gorm.DB, clusterClientManager *utils.ClusterClientManager, g
 		log.Info().Msg("release mode")
 		engine = ReleaseRouter()
 		engine.Use(
-		// middleware.AuthMiddleware(ssoUrl),
+			middleware.AuthMiddleware(ssoUrl),
 		// middleware.RequestCostHandler(),
 		// middleware.CustomLogger(),
 		// middleware.CustomRecovery(),
@@ -33,7 +32,7 @@ func SetRouters(db *gorm.DB, clusterClientManager *utils.ClusterClientManager, g
 		log.Info().Msg("debug mode")
 		engine = gin.New()
 		engine.Use(
-			// middleware.AuthMiddleware(ssoUrl),
+			middleware.AuthMiddleware(ssoUrl),
 			gin.Logger(),
 			// middleware.CustomRecovery(),
 			// middleware.CorsHandler(),

internal/middleware/auth.go

@@ -17,6 +17,11 @@ const (
 // AuthMiddleware validates the auth cookie with SSO service
 func AuthMiddleware(ssoUrl string) gin.HandlerFunc {
 	return func(c *gin.Context) {
+		// skip ping
+		if c.Request.URL.Path != "/ping" {
+			c.Next()
+			return
+		}
 		// Get auth cookie
 		cookies := c.Request.Cookies()
 		if len(cookies) == 0 {