From fc1d4f2082a5a4d26305d40baeec209937127684 Mon Sep 17 00:00:00 2001
From: Stavros <steveiliop56@gmail.com>
Date: Wed, 1 Apr 2026 17:07:14 +0300
Subject: [PATCH] refactor: use better ignore paths in context middleware
 (#743)

---
 internal/middleware/context_middleware.go | 33 +++++++++++++++++++----
 internal/middleware/zerolog_middleware.go |  5 ++--
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/internal/middleware/context_middleware.go b/internal/middleware/context_middleware.go
index f317b15..e2ae45b 100644
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -1,7 +1,6 @@
 package middleware
 
 import (
-	"slices"
 	"strings"
 	"time"
 
@@ -13,7 +12,24 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
-var OIDCIgnorePaths = []string{"/api/oidc/token", "/api/oidc/userinfo"}
+// Gin won't let us set a middleware on a specific route (at least it doesn't work,
+// see https://github.com/gin-gonic/gin/issues/531) so we have to do some hackery
+var (
+	contextSkipPathsPrefix = []string{
+		"GET /api/context/app",
+		"GET /api/healthz",
+		"HEAD /api/healthz",
+		"GET /api/oauth/url",
+		"GET /api/oauth/callback",
+		"GET /api/oidc/clients",
+		"POST /api/oidc/token",
+		"GET /api/oidc/userinfo",
+		"GET /resources",
+		"POST /api/user/login",
+		"GET /.well-known/openid-configuration",
+		"GET /.well-known/jwks.json",
+	}
+)
 
 type ContextMiddlewareConfig struct {
 	CookieDomain string
@@ -39,9 +55,7 @@ func (m *ContextMiddleware) Init() error {
 
 func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// There is no point in trying to get credentials if it's an OIDC endpoint
-		path := c.Request.URL.Path
-		if slices.Contains(OIDCIgnorePaths, strings.TrimSuffix(path, "/")) {
+		if m.isIgnorePath(c.Request.Method + " " + c.Request.URL.Path) {
 			c.Next()
 			return
 		}
@@ -224,3 +238,12 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 		c.Next()
 	}
 }
+
+func (m *ContextMiddleware) isIgnorePath(path string) bool {
+	for _, prefix := range contextSkipPathsPrefix {
+		if strings.HasPrefix(path, prefix) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/internal/middleware/zerolog_middleware.go b/internal/middleware/zerolog_middleware.go
index b88556b..635d74d 100644
--- a/internal/middleware/zerolog_middleware.go
+++ b/internal/middleware/zerolog_middleware.go
@@ -8,10 +8,11 @@ import (
 	"github.com/steveiliop56/tinyauth/internal/utils/tlog"
 )
 
+// See context middleware for explanation of why we have to do this
 var (
 	loggerSkipPathsPrefix = []string{
-		"GET /api/health",
-		"HEAD /api/health",
+		"GET /api/healthz",
+		"HEAD /api/healthz",
 		"GET /favicon.ico",
 	}
 )