Fix #1318, basic auth is completely disabled if the auth is disabled

2022-03-24 18:02:34 +08:00 · 2022-03-24 18:02:34 +08:00 · d32ba7cadd
parent 775d1696fa
commit d32ba7cadd
1 changed files with 31 additions and 21 deletions
--- a/server/auth.js
+++ b/server/auth.js
@ -31,10 +31,6 @@ exports.login = async function (username, password) {
 };

 function myAuthorizer(username, password, callback) {
-    setting("disableAuth").then((result) => {
-        if (result) {
-            callback(null, true);
-        } else {
    // Login Rate Limit
    loginRateLimiter.pass(null, 0).then((pass) => {
        if (pass) {
@ -49,13 +45,27 @@ function myAuthorizer(username, password, callback) {
            callback(null, false);
        }
    });
-
-        }
-    });
 }

-exports.basicAuth = basicAuth({
+/**
+ * If disabled auth, it does not call `next`.
+ */
+exports.checkBasicAuth = async (req, res, next) => {
+
+};
+
+exports.basicAuth = async function (req, res, next) {
+    const middleware = basicAuth({
        authorizer: myAuthorizer,
        authorizeAsync: true,
        challenge: true,
-});
+    });
+
+    const disabledAuth = await setting("disableAuth");
+
+    if (!disabledAuth) {
+        middleware(req, res, next);
+    } else {
+        next();
+    }
+};