diff --git a/virtweb_backend/src/app_config.rs b/virtweb_backend/src/app_config.rs
index 7917342..2eec386 100644
--- a/virtweb_backend/src/app_config.rs
+++ b/virtweb_backend/src/app_config.rs
@@ -33,6 +33,11 @@ pub struct AppConfig {
#[arg(long, env, default_value = "admin")]
pub auth_password: String,
+ /// Disable authentication WARNING! THIS IS UNSECURE, it was designed only for development
+ /// purpose, it should NEVER be used in production
+ #[arg(long, env)]
+ pub unsecure_disable_auth: bool,
+
/// Disable local auth
#[arg(long, env)]
pub disable_local_auth: bool,
diff --git a/virtweb_backend/src/controllers/auth_controller.rs b/virtweb_backend/src/controllers/auth_controller.rs
index 165ff15..c69b0fa 100644
--- a/virtweb_backend/src/controllers/auth_controller.rs
+++ b/virtweb_backend/src/controllers/auth_controller.rs
@@ -124,7 +124,7 @@ struct CurrentUser {
/// Get current authenticated user
pub async fn current_user(auth: AuthExtractor) -> impl Responder {
HttpResponse::Ok().json(CurrentUser {
- id: auth.id().unwrap(),
+ id: auth.id().unwrap_or_else(|| "Anonymous".to_string()),
})
}
diff --git a/virtweb_backend/src/controllers/server_controller.rs b/virtweb_backend/src/controllers/server_controller.rs
index 936d2ec..cc1ee21 100644
--- a/virtweb_backend/src/controllers/server_controller.rs
+++ b/virtweb_backend/src/controllers/server_controller.rs
@@ -11,6 +11,7 @@ pub async fn root_index() -> impl Responder {
#[derive(serde::Serialize)]
struct StaticConfig {
+ auth_disabled: bool,
local_auth_enabled: bool,
oidc_auth_enabled: bool,
iso_mimetypes: &'static [&'static str],
@@ -19,6 +20,7 @@ struct StaticConfig {
pub async fn static_config(local_auth: LocalAuthEnabled) -> impl Responder {
HttpResponse::Ok().json(StaticConfig {
+ auth_disabled: AppConfig::get().unsecure_disable_auth,
local_auth_enabled: *local_auth,
oidc_auth_enabled: !AppConfig::get().disable_oidc,
iso_mimetypes: &constants::ALLOWED_ISO_MIME_TYPES,
diff --git a/virtweb_backend/src/middlewares/auth_middleware.rs b/virtweb_backend/src/middlewares/auth_middleware.rs
index 0df2020..7374334 100644
--- a/virtweb_backend/src/middlewares/auth_middleware.rs
+++ b/virtweb_backend/src/middlewares/auth_middleware.rs
@@ -1,6 +1,7 @@
use std::future::{ready, Ready};
use std::rc::Rc;
+use crate::app_config::AppConfig;
use crate::constants;
use crate::extractors::auth_extractor::AuthExtractor;
use actix_web::body::EitherBody;
@@ -60,8 +61,10 @@ where
let service = Rc::clone(&self.service);
Box::pin(async move {
+ let auth_disabled = AppConfig::get().unsecure_disable_auth;
+
// Check authentication, if required
- if !constants::ROUTES_WITHOUT_AUTH.contains(&req.path()) {
+ if !auth_disabled && !constants::ROUTES_WITHOUT_AUTH.contains(&req.path()) {
let auth = match AuthExtractor::from_request(req.request(), &mut Payload::None)
.into_inner()
{
diff --git a/virtweb_frontend/src/App.tsx b/virtweb_frontend/src/App.tsx
index 646e7e5..63efd12 100644
--- a/virtweb_frontend/src/App.tsx
+++ b/virtweb_frontend/src/App.tsx
@@ -13,6 +13,7 @@ import { BaseAuthenticatedPage } from "./widgets/BaseAuthenticatedPage";
import { LoginRoute } from "./routes/auth/LoginRoute";
import { AuthApi } from "./api/AuthApi";
import { IsoFilesRoute } from "./routes/IsoFilesRoute";
+import { ServerApi } from "./api/ServerApi";
interface AuthContext {
signedIn: boolean;
@@ -31,7 +32,7 @@ export function App() {
const router = createBrowserRouter(
createRoutesFromElements(
- signedIn ? (
+ signedIn || ServerApi.Config.auth_disabled ? (
}>
} />
} />
diff --git a/virtweb_frontend/src/api/ServerApi.ts b/virtweb_frontend/src/api/ServerApi.ts
index 7c0060b..57c62e3 100644
--- a/virtweb_frontend/src/api/ServerApi.ts
+++ b/virtweb_frontend/src/api/ServerApi.ts
@@ -1,6 +1,7 @@
import { APIClient } from "./ApiClient";
export interface ServerConfig {
+ auth_disabled: boolean;
local_auth_enabled: boolean;
oidc_auth_enabled: boolean;
iso_mimetypes: string[];