Skip to content

adding maintenance mode check at start of domain middleware #2369

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
HughParry wants to merge 1 commit into
base: main
Choose a base branch
from
Open

adding maintenance mode check at start of domain middleware #2369

HughParry wants to merge 1 commit into from

Conversation

@HughParry
Copy link
Contributor

@HughParry HughParry commented Jan 28, 2026

No description provided.

@HughParry HughParry requested a review from forgetso as a code owner January 28, 2026 14:55
Copilot AI review requested due to automatic review settings January 28, 2026 14:55
@HughParry HughParry requested a review from goastler as a code owner January 28, 2026 14:55
Copilot AI reviewed Jan 28, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a maintenance mode check at the beginning of the domain middleware to skip domain validation when the system is in maintenance mode.

Changes:

  • Added early return in domain middleware when maintenance mode is active
  • Imported getMaintenanceMode function to check maintenance status
  • Added changeset documenting the patch

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
packages/provider/src/api/domainMiddleware.ts Added maintenance mode check with early return to skip domain validation
.changeset/silver-tires-fold.md Added changeset entry documenting the maintenance mode feature

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

packages/provider/src/api/domainMiddleware.ts
Comment on lines +30 to +35
// If maintenance mode is active, skip domain validation
if (getMaintenanceMode()) {
req.logger.info(() => ({
msg: "Maintenance mode active - skipping domain validation",
}));
next();
Copy link

Copilot AI Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When maintenance mode is active, the middleware skips domain validation entirely but still processes requests. This could allow unauthorized requests to bypass critical security checks. Consider either: (1) returning a 503 Service Unavailable response instead of proceeding, or (2) ensuring that subsequent middleware/handlers properly validate that maintenance mode requests are authorized.

Suggested change
// If maintenance mode is active, skip domain validation
if (getMaintenanceMode()) {
req.logger.info(() => ({
msg: "Maintenance mode active - skipping domain validation",
}));
next();
// If maintenance mode is active, return 503 Service Unavailable
if (getMaintenanceMode()) {
req.logger.info(() => ({
msg: "Maintenance mode active - rejecting request with 503",
}));
res.status(503).json({
error: "ServiceUnavailable",
message: "Service is temporarily unavailable due to maintenance",
});

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@forgetso forgetso Awaiting requested review from forgetso forgetso is a code owner

@goastler goastler Awaiting requested review from goastler goastler is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@HughParry