From fd88492b00cafb4cdfd381729b2acb72eaaecfba Mon Sep 17 00:00:00 2001
From: Virgil <virgil@lethean.io>
Date: Sat, 4 Apr 2026 23:51:37 +0000
Subject: [PATCH] fix(proxy): honour monitoring restriction flag

Co-Authored-By: Virgil <virgil@lethean.io>
---
 http_auth_test.go | 10 +++++-----
 state_impl.go     |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/http_auth_test.go b/http_auth_test.go
index 76b69d6..5461792 100644
--- a/http_auth_test.go
+++ b/http_auth_test.go
@@ -49,7 +49,7 @@ func TestProxy_allowHTTP_Bad(t *testing.T) {
 	}
 }
 
-func TestProxy_allowHTTP_MethodRestricted_Bad(t *testing.T) {
+func TestProxy_allowHTTP_Unrestricted_Good(t *testing.T) {
 	p := &Proxy{
 		config: &Config{
 			HTTP: HTTPConfig{},
@@ -57,11 +57,11 @@ func TestProxy_allowHTTP_MethodRestricted_Bad(t *testing.T) {
 	}
 
 	status, ok := p.allowMonitoringRequest(&http.Request{Method: http.MethodPost})
-	if ok {
-		t.Fatal("expected non-GET request to be rejected")
+	if !ok {
+		t.Fatalf("expected unrestricted request to pass, got status %d", status)
 	}
-	if status != http.StatusMethodNotAllowed {
-		t.Fatalf("expected status %d, got %d", http.StatusMethodNotAllowed, status)
+	if status != http.StatusOK {
+		t.Fatalf("expected status %d, got %d", http.StatusOK, status)
 	}
 }
 
diff --git a/state_impl.go b/state_impl.go
index c7c321d..ddda890 100644
--- a/state_impl.go
+++ b/state_impl.go
@@ -643,7 +643,7 @@ func (p *Proxy) allowMonitoringRequest(r *http.Request) (int, bool) {
 	if p == nil {
 		return http.StatusServiceUnavailable, false
 	}
-	if r.Method != http.MethodGet {
+	if p.config != nil && p.config.HTTP.Restricted && r.Method != http.MethodGet {
 		return http.StatusMethodNotAllowed, false
 	}
 	if token := p.config.HTTP.AccessToken; token != "" {