From 229d03a690249b9f1cb1bce83eb2f3112a4c2173 Mon Sep 17 00:00:00 2001
From: Luis Pater <webmaster@idotorg.org>
Date: Fri, 15 May 2026 03:59:25 +0800
Subject: [PATCH] feat(auth): add support for disabling auth via metadata

- Added logic to set `auth.Disabled` and update `auth.Status` to `StatusDisabled` when `disabled` metadata is provided and true.
- Updated `objectstore`, `gitstore`, and `postgresstore` implementations to handle the new metadata attribute.

Closes: #2651
---
 internal/store/gitstore.go      | 4 ++++
 internal/store/objectstore.go   | 4 ++++
 internal/store/postgresstore.go | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/internal/store/gitstore.go b/internal/store/gitstore.go
index ba9fe59e2..86bdd5617 100644
--- a/internal/store/gitstore.go
+++ b/internal/store/gitstore.go
@@ -497,6 +497,10 @@ func (s *GitTokenStore) readAuthFile(path, baseDir string) (*cliproxyauth.Auth,
 		auth.Attributes["email"] = email
 	}
 	cliproxyauth.ApplyCustomHeadersFromMetadata(auth)
+	if disabled, ok := metadata["disabled"].(bool); ok && disabled {
+		auth.Disabled = true
+		auth.Status = cliproxyauth.StatusDisabled
+	}
 	return auth, nil
 }
 
diff --git a/internal/store/objectstore.go b/internal/store/objectstore.go
index 5626e6c65..0dbbd65be 100644
--- a/internal/store/objectstore.go
+++ b/internal/store/objectstore.go
@@ -604,6 +604,10 @@ func (s *ObjectTokenStore) readAuthFile(path, baseDir string) (*cliproxyauth.Aut
 		NextRefreshAfter: time.Time{},
 	}
 	cliproxyauth.ApplyCustomHeadersFromMetadata(auth)
+	if disabled, ok := metadata["disabled"].(bool); ok && disabled {
+		auth.Disabled = true
+		auth.Status = cliproxyauth.StatusDisabled
+	}
 	return auth, nil
 }
 
diff --git a/internal/store/postgresstore.go b/internal/store/postgresstore.go
index 43b125003..d9d3053fe 100644
--- a/internal/store/postgresstore.go
+++ b/internal/store/postgresstore.go
@@ -319,6 +319,10 @@ func (s *PostgresStore) List(ctx context.Context) ([]*cliproxyauth.Auth, error)
 			NextRefreshAfter: time.Time{},
 		}
 		cliproxyauth.ApplyCustomHeadersFromMetadata(auth)
+		if disabled, ok := metadata["disabled"].(bool); ok && disabled {
+			auth.Disabled = true
+			auth.Status = cliproxyauth.StatusDisabled
+		}
 		auths = append(auths, auth)
 	}
 	if err = rows.Err(); err != nil {