From c7ccad3254cb1217ef59e080b1aba3ad831de987 Mon Sep 17 00:00:00 2001
From: wendtek <wendtek@gmail.com>
Date: Fri, 12 Nov 2021 12:56:01 -0600
Subject: [PATCH 1/2] fix: allow requests to /healthz without authentication

---
 server/middleware.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/middleware.go b/server/middleware.go
index 4a8ec444d4..35dee9a53c 100644
--- a/server/middleware.go
+++ b/server/middleware.go
@@ -43,7 +43,7 @@ type RequestLogger struct {
 func (l *RequestLogger) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
 	l.logger.Debug("%s %s – from %s", r.Method, r.URL.RequestURI(), r.RemoteAddr)
 	allowed := false
-	if r.URL.Path == "/events" || !l.WebAuthentication {
+	if !l.WebAuthentication || r.URL.Path == "/events" || r.URL.Path == "/healthz" {
 		allowed = true
 	} else {
 		user, pass, ok := r.BasicAuth()

From f8002770518aff2eb6a43cfa5ccbe2f9bc485f29 Mon Sep 17 00:00:00 2001
From: wendtek <wendtek@gmail.com>
Date: Fri, 12 Nov 2021 13:34:39 -0600
Subject: [PATCH 2/2] allow unauthed requests to /status

---
 server/middleware.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/server/middleware.go b/server/middleware.go
index 35dee9a53c..e51ed1775a 100644
--- a/server/middleware.go
+++ b/server/middleware.go
@@ -43,7 +43,10 @@ type RequestLogger struct {
 func (l *RequestLogger) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
 	l.logger.Debug("%s %s – from %s", r.Method, r.URL.RequestURI(), r.RemoteAddr)
 	allowed := false
-	if !l.WebAuthentication || r.URL.Path == "/events" || r.URL.Path == "/healthz" {
+	if !l.WebAuthentication ||
+		r.URL.Path == "/events" ||
+		r.URL.Path == "/healthz" ||
+		r.URL.Path == "/status" {
 		allowed = true
 	} else {
 		user, pass, ok := r.BasicAuth()