Fixed trigger check (#251)

Author: Skarlso

handlers/auth.go

@@ -18,19 +18,23 @@ var (
 	errNotAuthorized = errors.New("no or invalid jwt token provided. You are not authorized")
 
 	// Non-protected URL paths which are prefix checked
-	nonProtectedPathsPrefix = []string {
+	nonProtectedPathsPrefix = []string{
 		"/login",
 		"/pipeline/githook",
-		"/trigger",
 		"/worker/register",
 		"/js/",
 		"/img/",
 		"/fonts/",
 		"/css/",
 	}
 
+	// Non-protected URL paths which are suffix checked
+	nonProtectedPathsSuffix = []string{
+		"/trigger",
+	}
+
 	// Non-protected URL paths which are explicitly checked
-	nonProtectedPaths = []string {
+	nonProtectedPaths = []string{
 		"/",
 		"/favicon.ico",
 	}
@@ -59,6 +63,14 @@ func AuthMiddleware(roleAuth *AuthConfig) echo.MiddlewareFunc {
 				}
 			}
 
+			// Check if it matches a suffix-based paths
+			for _, suffix := range nonProtectedPathsSuffix {
+				switch {
+				case strings.HasSuffix(c.Path(), suffix):
+					return next(c)
+				}
+			}
+
 			token, err := getToken(c)
 			if err != nil {
 				return c.String(http.StatusUnauthorized, err.Error())