From b63ebfcb3b8a55c2a88d11a314989e4a1cc9fe83 Mon Sep 17 00:00:00 2001
From: yusing
Date: Mon, 4 Nov 2024 00:32:19 +0800
Subject: [PATCH] disabled auth by default (when no JWT secret is specified)
---
 internal/api/v1/auth/auth.go | 2 +-
 internal/common/crypto.go | 3 +++
 internal/common/env.go | 8 +++++++-
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/internal/api/v1/auth/auth.go b/internal/api/v1/auth/auth.go
index 40e7089..bbbd6c3 100644
--- a/internal/api/v1/auth/auth.go
+++ b/internal/api/v1/auth/auth.go
@@ -90,7 +90,7 @@ func LogoutHandler(w http.ResponseWriter, r *http.Request) {
 }
 func RequireAuth(next http.HandlerFunc) http.HandlerFunc {
- if common.IsDebugSkipAuth {
+ if common.IsDebugSkipAuth || common.APIJWTSecret == nil {
 return next
 }
diff --git a/internal/common/crypto.go b/internal/common/crypto.go
index f4e9c0b..367025b 100644
--- a/internal/common/crypto.go
+++ b/internal/common/crypto.go
@@ -23,6 +23,9 @@ func generateJWTKey(size int) string {
 }
 func decodeJWTKey(key string) []byte {
+ if key == "" {
+ return nil
+ }
 bytes, err := base64.StdEncoding.DecodeString(key)
 if err != nil {
 log.Panic().Err(err).Msg("failed to decode jwt key")
diff --git a/internal/common/env.go b/internal/common/env.go
index de0b096..6a3475b 100644
--- a/internal/common/env.go
+++ b/internal/common/env.go
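Review bot: In `RequireAuth` (internal/api/v1/auth/auth.go) the added `common.APIJWTSecret == nil` test makes the middleware fail open: a missing `GOPROXY_API_JWT_SECRET` now removes authentication from every handler wrapped here, and the matching default change is in internal/common/env.go. Because the decision is inferred from the absence of a value rather than from an explicit setting, a secret that fails to reach the process has the same effect as a deliberate opt-out. I would tie the bypass to an explicit operator choice and document it at the branch, for example `// SECURITY: a nil APIJWTSecret disables auth for every handler wrapped by RequireAuth.` The login handler is not visible in this hunk; if it still signs tokens with `APIJWTSecret`, it should refuse to issue them when the secret is nil. `RequireAuth` continues past the end of the hunk.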
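Review bot: In `decodeJWTKey` (internal/common/crypto.go) only the empty string maps to nil, so a non-empty value that decodes to just a few bytes is still accepted as the signing secret. The default this commit removes was `generateJWTKey(32)`, so a length floor after the decode would keep configured keys at that strength, e.g. `if len(bytes) < 32 { log.Panic().Msg("jwt key must decode to at least 32 bytes") }`. The nil return is now a sentinel with security meaning and deserves a doc comment such as `// decodeJWTKey returns nil for an empty key; callers treat nil as "authentication disabled".` The remainder of the function lies outside the hunk.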
@@ -33,12 +33,18 @@ var (
 APIHTTPPort, APIHTTPURL = GetAddrEnv("GOPROXY_API_ADDR", "127.0.0.1:8888", "http")
- APIJWTSecret = decodeJWTKey(GetEnv("GOPROXY_API_JWT_SECRET", generateJWTKey(32)))
+ APIJWTSecret = decodeJWTKey(GetEnv("GOPROXY_API_JWT_SECRET", ""))
 APIJWTTokenTTL = GetDurationEnv("GOPROXY_API_JWT_TOKEN_TTL", time.Hour)
 APIUser = GetEnv("GOPROXY_API_USER", "admin")
 APIPasswordHash = HashPassword(GetEnv("GOPROXY_API_PASSWORD", "password"))
 )
+func init() {
+ if APIJWTSecret == nil {
+ log.Warn().Msg("API JWT secret is empty, authentication is disabled")
+ }
+}
+
 func GetEnvBool(key string, defaultValue bool) bool {
 value, ok := os.LookupEnv(key)
 if !ok || value == "" {
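Review bot: The warning added in `init()` (internal/common/env.go) is the only runtime signal that the API is serving without authentication, yet it names neither the variable to set nor the address being exposed. Naming the setting makes the message actionable and easy to alert on: `log.Warn().Msg("GOPROXY_API_JWT_SECRET is not set: API authentication is disabled")`. `GOPROXY_API_ADDR` defaults to loopback but can be overridden, so I would also check here whether the configured API address is non-loopback and, in that case, log at error level or refuse to start.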