From 4f05c972d5fa85f08daaec23ea9b3888612d5d5d Mon Sep 17 00:00:00 2001
From: Steven <stevenlgtm@gmail.com>
Date: Sat, 9 Dec 2023 16:17:11 +0800
Subject: [PATCH] chore: fix jwt acl

---
 api/v1/jwt.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/v1/jwt.go b/api/v1/jwt.go
index 5599ede4..f83ec264 100644
--- a/api/v1/jwt.go
+++ b/api/v1/jwt.go
@@ -62,7 +62,7 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
 		}
 
 		// Skip validation for server status endpoints.
-		if util.HasPrefixes(path, "/api/v1/ping", "/api/v1/idp", "/api/v1/status") && method == http.MethodGet {
+		if util.HasPrefixes(path, "/api/v1/ping", "/api/v1/status") && method == http.MethodGet {
 			return next(c)
 		}
 
@@ -73,7 +73,7 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
 				return next(c)
 			}
 			// When the request is not authenticated, we allow the user to access the memo endpoints for those public memos.
-			if util.HasPrefixes(path, "/api/v1/memo", "/api/v1/user") && path != "/api/v1/user" && method == http.MethodGet {
+			if util.HasPrefixes(path, "/api/v1/idp", "/api/v1/memo", "/api/v1/user") && path != "/api/v1/user" && method == http.MethodGet {
 				return next(c)
 			}
 			return echo.NewHTTPError(http.StatusUnauthorized, "Missing access token")