feat: make authentication optional — no tokens = no auth
When no api_tokens are configured (the new default), all endpoints are accessible without authentication. The frontend detects this via /api/health's auth_required field and skips the login form. - Backend: auth.py skips verification when api_tokens is empty - Frontend: shared getAuthHeaders()/hasCredentials() helpers replace scattered token logic across all JS modules - Health endpoint exposes auth_required for frontend discovery - config.example.yaml ships with tokens commented out - CLI --show-token and startup log reflect disabled state Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -300,8 +300,7 @@ function updateAllText() {
|
||||
document.getElementById('sourceIcon').innerHTML = initSrc?.icon || '';
|
||||
}
|
||||
|
||||
const token = localStorage.getItem('media_server_token');
|
||||
if (token) {
|
||||
if (hasCredentials()) {
|
||||
if (_loadScriptsTable) _loadScriptsTable();
|
||||
if (_loadCallbacksTable) _loadCallbacksTable();
|
||||
if (_loadLinksTable) _loadLinksTable();
|
||||
@@ -396,19 +395,39 @@ export function showConfirm(message) {
|
||||
});
|
||||
}
|
||||
|
||||
// ============================================================
|
||||
// Auth Helpers
|
||||
// ============================================================
|
||||
|
||||
// Set to false when server reports auth_required: false
|
||||
export let authRequired = true;
|
||||
export function setAuthRequired(value) { authRequired = value; }
|
||||
|
||||
/**
|
||||
* Build Authorization headers for API requests.
|
||||
* Returns empty object when auth is disabled or no token is stored.
|
||||
*/
|
||||
export function getAuthHeaders() {
|
||||
const token = localStorage.getItem('media_server_token');
|
||||
return token ? { 'Authorization': `Bearer ${token}` } : {};
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if we have sufficient credentials to call the API.
|
||||
* True when auth is disabled OR a token is stored.
|
||||
*/
|
||||
export function hasCredentials() {
|
||||
return !authRequired || !!localStorage.getItem('media_server_token');
|
||||
}
|
||||
|
||||
// ============================================================
|
||||
// API Commands
|
||||
// ============================================================
|
||||
|
||||
export async function sendCommand(endpoint, body = null) {
|
||||
const token = localStorage.getItem('media_server_token');
|
||||
|
||||
const options = {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${token}`,
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
headers: { 'Content-Type': 'application/json', ...getAuthHeaders() },
|
||||
};
|
||||
|
||||
if (body) {
|
||||
|
||||
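Review bot: `getAuthHeaders()` is documented as returning an empty object when auth is disabled, but its body never reads `authRequired`, so a token left in `localStorage` from an earlier session is still attached to every request after the server reports `auth_required: false`. Either add `if (!authRequired) return {};` as its first line or drop "auth is disabled" from the comment. Separately, `setAuthRequired(value)` stores whatever it is given and `hasCredentials()` tests `!authRequired`, so an `undefined` or `null` from a health response that lacks the field would hide the login gate; `authRequired = value !== false;` keeps the default fail-closed. The caller that reads `/api/health` is outside this section, so whether it already normalises the field cannot be confirmed here. This flag only steers the UI; access control still rests on the backend check the description mentions.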