Can disable auth

virtweb_backend/src/app_config.rs

@@ -33,6 +33,11 @@ pub struct AppConfig {
     #[arg(long, env, default_value = "admin")]
     pub auth_password: String,
 
+    /// Disable authentication WARNING! THIS IS UNSECURE, it was designed only for development
+    /// purpose, it should NEVER be used in production
+    #[arg(long, env)]
+    pub unsecure_disable_auth: bool,
+
     /// Disable local auth
     #[arg(long, env)]
     pub disable_local_auth: bool,

virtweb_backend/src/controllers/auth_controller.rs

@@ -124,7 +124,7 @@ struct CurrentUser {
 /// Get current authenticated user
 pub async fn current_user(auth: AuthExtractor) -> impl Responder {
     HttpResponse::Ok().json(CurrentUser {
-        id: auth.id().unwrap(),
+        id: auth.id().unwrap_or_else(|| "Anonymous".to_string()),
     })
 }
 

virtweb_backend/src/controllers/server_controller.rs

@@ -11,6 +11,7 @@ pub async fn root_index() -> impl Responder {
 
 #[derive(serde::Serialize)]
 struct StaticConfig {
+    auth_disabled: bool,
     local_auth_enabled: bool,
     oidc_auth_enabled: bool,
     iso_mimetypes: &'static [&'static str],
@@ -19,6 +20,7 @@ struct StaticConfig {
 
 pub async fn static_config(local_auth: LocalAuthEnabled) -> impl Responder {
     HttpResponse::Ok().json(StaticConfig {
+        auth_disabled: AppConfig::get().unsecure_disable_auth,
         local_auth_enabled: *local_auth,
         oidc_auth_enabled: !AppConfig::get().disable_oidc,
         iso_mimetypes: &constants::ALLOWED_ISO_MIME_TYPES,

virtweb_backend/src/middlewares/auth_middleware.rs

@@ -1,6 +1,7 @@
 use std::future::{ready, Ready};
 use std::rc::Rc;
 
+use crate::app_config::AppConfig;
 use crate::constants;
 use crate::extractors::auth_extractor::AuthExtractor;
 use actix_web::body::EitherBody;
@@ -60,8 +61,10 @@ where
         let service = Rc::clone(&self.service);
 
         Box::pin(async move {
+            let auth_disabled = AppConfig::get().unsecure_disable_auth;
+
             // Check authentication, if required
-            if !constants::ROUTES_WITHOUT_AUTH.contains(&req.path()) {
+            if !auth_disabled && !constants::ROUTES_WITHOUT_AUTH.contains(&req.path()) {
                 let auth = match AuthExtractor::from_request(req.request(), &mut Payload::None)
                     .into_inner()
                 {

virtweb_frontend/src/App.tsx

@@ -13,6 +13,7 @@ import { BaseAuthenticatedPage } from "./widgets/BaseAuthenticatedPage";
 import { LoginRoute } from "./routes/auth/LoginRoute";
 import { AuthApi } from "./api/AuthApi";
 import { IsoFilesRoute } from "./routes/IsoFilesRoute";
+import { ServerApi } from "./api/ServerApi";
 
 interface AuthContext {
   signedIn: boolean;
@@ -31,7 +32,7 @@ export function App() {
 
   const router = createBrowserRouter(
     createRoutesFromElements(
-      signedIn ? (
+      signedIn || ServerApi.Config.auth_disabled ? (
         <Route path="*" element={<BaseAuthenticatedPage />}>
           <Route path="iso" element={<IsoFilesRoute />} />
           <Route path="*" element={<NotFoundRoute />} />

virtweb_frontend/src/api/ServerApi.ts

@@ -1,6 +1,7 @@
 import { APIClient } from "./ApiClient";
 
 export interface ServerConfig {
+  auth_disabled: boolean;
   local_auth_enabled: boolean;
   oidc_auth_enabled: boolean;
   iso_mimetypes: string[];