No auth and req.user for cover images

2024-11-07 08:34:10 +01:00 · 2024-11-02 15:17:11 +02:00 · 2024-11-02 15:17:11 +02:00 · 4224b8a486
commit 4224b8a486
parent 9e990d7927
2 changed files with 27 additions and 7 deletions
--- a/server/Auth.js
+++ b/server/Auth.js
@ -18,6 +18,26 @@ class Auth {
  constructor() {
    // Map of openId sessions indexed by oauth2 state-variable
    this.openIdAuthSession = new Map()
+    this.ignorePattern = /\/api\/items\/[^/]+\/cover/
+  }
+
+  /**
+   * Checks if the request should not be authenticated.
+   * @param {import('express').Request} req
+   * @returns {boolean}
+   * @private
+   */
+  authNotNeeded(req) {
+    return req.method === 'GET' && this.ignorePattern.test(req.originalUrl)
+  }
+
+  ifAuthNeeded(middleware) {
+    return (req, res, next) => {
+      if (this.authNotNeeded(req)) {
+        return next()
+      }
+      middleware(req, res, next)
+    }
  }

  /**
--- a/server/Server.js
+++ b/server/Server.js
@ -238,7 +238,7 @@ class Server {
    // init passport.js
    app.use(passport.initialize())
    // register passport in express-session
-    app.use(passport.session())
+    app.use(this.auth.ifAuthNeeded(passport.session()))
    // config passport.js
    await this.auth.initPassportJs()

@ -268,6 +268,10 @@ class Server {
    router.use(express.urlencoded({ extended: true, limit: '5mb' }))
    router.use(express.json({ limit: '5mb' }))

+    router.use('/api', this.auth.ifAuthNeeded(this.authMiddleware.bind(this)), this.apiRouter.router)
+    router.use('/hls', this.authMiddleware.bind(this), this.hlsRouter.router)
+    router.use('/public', this.publicRouter.router)
+
    // Static path to generated nuxt
    const distPath = Path.join(global.appRoot, '/client/dist')
    router.use(express.static(distPath))
@ -275,10 +279,6 @@ class Server {
    // Static folder
    router.use(express.static(Path.join(global.appRoot, 'static')))

-    router.use('/api', this.authMiddleware.bind(this), this.apiRouter.router)
-    router.use('/hls', this.authMiddleware.bind(this), this.hlsRouter.router)
-    router.use('/public', this.publicRouter.router)
-
    // RSS Feed temp route
    router.get('/feed/:slug', (req, res) => {
      Logger.info(`[Server] Requesting rss feed ${req.params.slug}`)
@ -296,7 +296,7 @@ class Server {
    await this.auth.initAuthRoutes(router)

    // Client dynamic routes
-    const dyanimicRoutes = [
+    const dynamicRoutes = [
      '/item/:id',
      '/author/:id',
      '/audiobook/:id/chapters',
@ -319,7 +319,7 @@ class Server {
      '/playlist/:id',
      '/share/:slug'
    ]
-    dyanimicRoutes.forEach((route) => router.get(route, (req, res) => res.sendFile(Path.join(distPath, 'index.html'))))
+    dynamicRoutes.forEach((route) => router.get(route, (req, res) => res.sendFile(Path.join(distPath, 'index.html'))))

    router.post('/init', (req, res) => {
      if (Database.hasRootUser) {