alexei.dolgolyov/media-player-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 20 Wiki Activity

feat: make authentication optional — no tokens = no auth
Lint & Test / test (push) Successful in 10s
Details

Browse Source 
When no api_tokens are configured (the new default), all endpoints
are accessible without authentication. The frontend detects this
via /api/health's auth_required field and skips the login form.

- Backend: auth.py skips verification when api_tokens is empty
- Frontend: shared getAuthHeaders()/hasCredentials() helpers replace
  scattered token logic across all JS modules
- Health endpoint exposes auth_required for frontend discovery
- config.example.yaml ships with tokens commented out
- CLI --show-token and startup log reflect disabled state

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Admin
2026-03-23 13:59:55 +03:00
parent f80f6e9299
commit 4d1bb78c83
14 changed files with 175 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files
media_server/auth.py
+20 -2
View File
@@ -15,6 +15,11 @@ security = HTTPBearer(auto_error=False)
token_label_var: ContextVar[str] = ContextVar("token_label", default="unknown")
def auth_enabled() -> bool:
"""Check if authentication is enabled (i.e. at least one token is configured)."""
return bool(settings.api_tokens)
def get_token_label(token: str) -> Optional[str]:
"""Get the label for a token. Returns None if token is invalid.
@@ -36,14 +41,19 @@ async def verify_token(
) -> str:
"""Verify the API token from the Authorization header.
When no tokens are configured, authentication is skipped entirely.
Reuses the label from middleware context when already validated.
Returns:
The token label
The token label (or "anonymous" when auth is disabled)
Raises:
HTTPException: If the token is missing or invalid
HTTPException: If the token is missing or invalid (only when auth enabled)
"""
if not auth_enabled():
token_label_var.set("anonymous")
return "anonymous"
# Reuse label already set by middleware to avoid redundant O(n) scan
existing = token_label_var.get("unknown")
if existing != "unknown":
@@ -80,6 +90,10 @@ class TokenAuth:
credentials: HTTPAuthorizationCredentials = Depends(security),
) -> str | None:
"""Verify the token and return the label or raise an exception."""
if not auth_enabled():
token_label_var.set("anonymous")
return "anonymous"
if credentials is None:
if self.auto_error:
raise HTTPException(
@@ -122,6 +136,10 @@ async def verify_token_or_query(
Raises:
HTTPException: If the token is missing or invalid
"""
if not auth_enabled():
token_label_var.set("anonymous")
return "anonymous"
# Reuse label already set by middleware
existing = token_label_var.get("unknown")
if existing != "unknown":