Remove dead code, secure debug endpoints, fix encapsulation

internal/server/server.go

@@ -7,7 +7,6 @@ import (
 	"net/http"
 	"strings"
 	"sync/atomic"
-	"time"
 
 	"github.com/gin-gonic/gin"
 
@@ -47,7 +46,6 @@ func New(cfg *config.Config, pool *auth.Pool, profile *proxy.SniffedProfile) *Se
 
 	engine.POST("/reload", s.handleReload())
 	engine.POST("/debug/refresh", handleDebugRefresh(pool))
-	engine.POST("/debug/shutdown", handleDebugShutdown(s))
 	engine.GET("/healthz", func(c *gin.Context) {
 		c.JSON(http.StatusOK, gin.H{"status": "ok"})
 	})
@@ -100,19 +98,6 @@ func (s *Server) handleReload() gin.HandlerFunc {
 	}
 }
 
-func handleDebugShutdown(s *Server) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		c.JSON(http.StatusOK, gin.H{"status": "shutting down"})
-		go func() {
-			ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-			defer cancel()
-			if err := s.Shutdown(ctx); err != nil {
-				log.Printf("shutdown error: %v", err)
-			}
-		}()
-	}
-}
-
 func handleDebugRefresh(pool *auth.Pool) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		results := pool.RefreshAll(c.Request.Context())
@@ -146,7 +131,7 @@ func corsMiddleware() gin.HandlerFunc {
 func (s *Server) authMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		path := c.Request.URL.Path
-		if path == "/healthz" || path == "/reload" || strings.HasPrefix(path, "/debug/") {
+		if path == "/healthz" || path == "/reload" {
 			c.Next()
 			return
 		}