From 75933d7e59838f7c8728ca08cf39659f24a6cac6 Mon Sep 17 00:00:00 2001
From: Sambhav Saggi <17993169+9p4@users.noreply.github.com>
Date: Tue, 31 May 2022 18:29:50 -0400
Subject: [PATCH 1/7] fix: disable authentication properly

---
 backend/app.js                                |  12 +-
 frontend/src/components/Bar/Bar.jsx           | 116 +++++++++---------
 .../HomeLoggedOut/HomeLoggedOut.jsx           |   2 +
 frontend/src/utils/API.js                     |   9 +-
 4 files changed, 74 insertions(+), 65 deletions(-)

diff --git a/backend/app.js b/backend/app.js
index b2a9eff..7f46dd3 100644
--- a/backend/app.js
+++ b/backend/app.js
@@ -18,11 +18,13 @@ const app = express();
 app.use(logger("dev"));
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
-app.use(
-  bearerToken({
-    headerKey: "Bearer",
-  })
-);
+if (process.env.ZU_DISABLE_AUTH === "true") {
+  app.use(
+    bearerToken({
+      headerKey: "Bearer",
+    })
+  );
+}
 
 if (
   process.env.NODE_ENV === "production" &&
diff --git a/frontend/src/components/Bar/Bar.jsx b/frontend/src/components/Bar/Bar.jsx
index 444a06f..aac68c6 100644
--- a/frontend/src/components/Bar/Bar.jsx
+++ b/frontend/src/components/Bar/Bar.jsx
@@ -21,6 +21,7 @@ import LogIn from "components/LogIn";
 
 function Bar() {
   const [loggedIn, setLoggedIn] = useLocalStorage("loggedIn", false);
+  const [disabledAuth] = useLocalStorage("disableAuth", false);
   const [anchorEl, setAnchorEl] = useState(null);
 
   const history = useHistory();
@@ -46,7 +47,7 @@ function Bar() {
     //   name: "Settings",
     //   to: "/settings",
     // },
-    {
+    !disabledAuth && {
       name: "Log out",
       divide: true,
       onClick: onLogOutClick,
@@ -72,69 +73,70 @@ function Bar() {
             </Link>
           </Typography>
         </Box>
+        {/* The filter removes all elements that are "true" or "false" */}
+        {loggedIn &&
+          menuItems.filter((e) => typeof e !== "boolean").length > 0 && (
+            <>
+              <Button color="inherit" onClick={openMenu}>
+                <MenuIcon></MenuIcon>
+              </Button>
 
-        {loggedIn && (
-          <>
-            <Button color="inherit" onClick={openMenu}>
-              <MenuIcon></MenuIcon>
-            </Button>
+              <Menu
+                anchorEl={anchorEl}
+                open={Boolean(anchorEl)}
+                onClose={closeMenu}
+              >
+                {menuItems.map((menuItem, index) => {
+                  if (
+                    menuItem.hasOwnProperty("condition") &&
+                    !menuItem.condition
+                  ) {
+                    return null;
+                  }
 
-            <Menu
-              anchorEl={anchorEl}
-              open={Boolean(anchorEl)}
-              onClose={closeMenu}
-            >
-              {menuItems.map((menuItem, index) => {
-                if (
-                  menuItem.hasOwnProperty("condition") &&
-                  !menuItem.condition
-                ) {
-                  return null;
-                }
+                  let component = null;
 
-                let component = null;
+                  if (menuItem.to) {
+                    component = (
+                      <MenuItem
+                        key={index}
+                        component={RouterLink}
+                        to={menuItem.to}
+                        onClick={closeMenu}
+                      >
+                        {menuItem.name}
+                      </MenuItem>
+                    );
+                  } else {
+                    component = (
+                      <MenuItem
+                        key={index}
+                        onClick={() => {
+                          closeMenu();
 
-                if (menuItem.to) {
-                  component = (
-                    <MenuItem
-                      key={index}
-                      component={RouterLink}
-                      to={menuItem.to}
-                      onClick={closeMenu}
-                    >
-                      {menuItem.name}
-                    </MenuItem>
-                  );
-                } else {
-                  component = (
-                    <MenuItem
-                      key={index}
-                      onClick={() => {
-                        closeMenu();
+                          menuItem.onClick();
+                        }}
+                      >
+                        {menuItem.name}
+                      </MenuItem>
+                    );
+                  }
 
-                        menuItem.onClick();
-                      }}
-                    >
-                      {menuItem.name}
-                    </MenuItem>
-                  );
-                }
+                  if (menuItem.divide) {
+                    return (
+                      <span key={index}>
+                        <Divider />
 
-                if (menuItem.divide) {
-                  return (
-                    <span key={index}>
-                      <Divider />
+                        {component}
+                      </span>
+                    );
+                  }
 
-                      {component}
-                    </span>
-                  );
-                }
-
-                return component;
-              })}
-            </Menu>
-          </>
-        )}
+                  return component;
+                })}
+              </Menu>
+            </>
+          )}
         {!loggedIn && LogIn()}
       </Toolbar>
     </AppBar>
diff --git a/frontend/src/components/HomeLoggedOut/HomeLoggedOut.jsx b/frontend/src/components/HomeLoggedOut/HomeLoggedOut.jsx
index 2a57165..82f5550 100644
--- a/frontend/src/components/HomeLoggedOut/HomeLoggedOut.jsx
+++ b/frontend/src/components/HomeLoggedOut/HomeLoggedOut.jsx
@@ -6,10 +6,12 @@ import { useHistory } from "react-router-dom";
 function HomeLoggedOut() {
   const [, setLoggedIn] = useLocalStorage("loggedIn", false);
   const [, setToken] = useLocalStorage("token", null);
+  const [, setDisableAuth] = useLocalStorage("disableAuth", false);
   const history = useHistory();
   axios.get("/auth/login").then(function (response) {
     if (!response.data.enabled) {
       setLoggedIn(true);
+      setDisableAuth(true);
       setToken("");
       history.go(0);
     }
diff --git a/frontend/src/utils/API.js b/frontend/src/utils/API.js
index 1d3a28b..4656032 100644
--- a/frontend/src/utils/API.js
+++ b/frontend/src/utils/API.js
@@ -5,7 +5,10 @@ const baseURL = "/api/";
 export default axios.create({
   baseURL: baseURL,
   responseType: "json",
-  headers: {
-    Authorization: `Bearer ${JSON.parse(localStorage.getItem("token"))}`,
-  },
+  headers:
+    localStorage.getItem("disableAuth") === "true"
+      ? {}
+      : {
+          Authorization: `Bearer ${JSON.parse(localStorage.getItem("token"))}`,
+        },
 });

From f30dec6eacfe0d2ac0031861b4f22f34dbab32c7 Mon Sep 17 00:00:00 2001
From: Sambhav Saggi <17993169+9p4@users.noreply.github.com>
Date: Tue, 31 May 2022 19:46:07 -0400
Subject: [PATCH 2/7] fix: correct conditional for enabling bearer token

---
 backend/app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/app.js b/backend/app.js
index 7f46dd3..263a965 100644
--- a/backend/app.js
+++ b/backend/app.js
@@ -18,7 +18,7 @@ const app = express();
 app.use(logger("dev"));
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
-if (process.env.ZU_DISABLE_AUTH === "true") {
+if (process.env.ZU_DISABLE_AUTH !== "true") {
   app.use(
     bearerToken({
       headerKey: "Bearer",

From 036e5779ba319a63c9d749c32fcbd5452d2bd2d2 Mon Sep 17 00:00:00 2001
From: Sambhav Saggi <17993169+9p4@users.noreply.github.com>
Date: Tue, 31 May 2022 20:06:49 -0400
Subject: [PATCH 3/7] fix: update disableAuth in localStorage if server config
 changes

---
 frontend/src/components/HomeLoggedOut/HomeLoggedOut.jsx | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/frontend/src/components/HomeLoggedOut/HomeLoggedOut.jsx b/frontend/src/components/HomeLoggedOut/HomeLoggedOut.jsx
index 82f5550..f58e072 100644
--- a/frontend/src/components/HomeLoggedOut/HomeLoggedOut.jsx
+++ b/frontend/src/components/HomeLoggedOut/HomeLoggedOut.jsx
@@ -14,6 +14,8 @@ function HomeLoggedOut() {
       setDisableAuth(true);
       setToken("");
       history.go(0);
+    } else {
+      setDisableAuth(false);
     }
   });
   return (

From ddb3f442f85991db4fa0721f0d7c2b004a9ea12d Mon Sep 17 00:00:00 2001
From: Sambhav Saggi <17993169+9p4@users.noreply.github.com>
Date: Tue, 31 May 2022 21:00:43 -0400
Subject: [PATCH 4/7] fix: simplify code and check login status on home page
 load

---
 frontend/src/components/Bar/Bar.jsx           | 125 +++++++++---------
 .../components/HomeLoggedIn/HomeLoggedIn.jsx  |  14 ++
 2 files changed, 78 insertions(+), 61 deletions(-)

diff --git a/frontend/src/components/Bar/Bar.jsx b/frontend/src/components/Bar/Bar.jsx
index aac68c6..fe075cd 100644
--- a/frontend/src/components/Bar/Bar.jsx
+++ b/frontend/src/components/Bar/Bar.jsx
@@ -47,11 +47,15 @@ function Bar() {
     //   name: "Settings",
     //   to: "/settings",
     // },
-    !disabledAuth && {
-      name: "Log out",
-      divide: true,
-      onClick: onLogOutClick,
-    },
+    ...(!disabledAuth
+      ? [
+          {
+            name: "Log out",
+            divide: true,
+            onClick: onLogOutClick,
+          },
+        ]
+      : []),
   ];
 
   return (
@@ -74,69 +78,68 @@ function Bar() {
           </Typography>
         </Box>
         {/* The filter removes all elements that are "true" or "false" */}
-        {loggedIn &&
-          menuItems.filter((e) => typeof e !== "boolean").length > 0 && (
-            <>
-              <Button color="inherit" onClick={openMenu}>
-                <MenuIcon></MenuIcon>
-              </Button>
+        {loggedIn && menuItems.length > 0 && (
+          <>
+            <Button color="inherit" onClick={openMenu}>
+              <MenuIcon></MenuIcon>
+            </Button>
 
-              <Menu
-                anchorEl={anchorEl}
-                open={Boolean(anchorEl)}
-                onClose={closeMenu}
-              >
-                {menuItems.map((menuItem, index) => {
-                  if (
-                    menuItem.hasOwnProperty("condition") &&
-                    !menuItem.condition
-                  ) {
-                    return null;
-                  }
+            <Menu
+              anchorEl={anchorEl}
+              open={Boolean(anchorEl)}
+              onClose={closeMenu}
+            >
+              {menuItems.map((menuItem, index) => {
+                if (
+                  menuItem.hasOwnProperty("condition") &&
+                  !menuItem.condition
+                ) {
+                  return null;
+                }
 
-                  let component = null;
+                let component = null;
 
-                  if (menuItem.to) {
-                    component = (
-                      <MenuItem
-                        key={index}
-                        component={RouterLink}
-                        to={menuItem.to}
-                        onClick={closeMenu}
-                      >
-                        {menuItem.name}
-                      </MenuItem>
-                    );
-                  } else {
-                    component = (
-                      <MenuItem
-                        key={index}
-                        onClick={() => {
-                          closeMenu();
+                if (menuItem.to) {
+                  component = (
+                    <MenuItem
+                      key={index}
+                      component={RouterLink}
+                      to={menuItem.to}
+                      onClick={closeMenu}
+                    >
+                      {menuItem.name}
+                    </MenuItem>
+                  );
+                } else {
+                  component = (
+                    <MenuItem
+                      key={index}
+                      onClick={() => {
+                        closeMenu();
 
-                          menuItem.onClick();
-                        }}
-                      >
-                        {menuItem.name}
-                      </MenuItem>
-                    );
-                  }
+                        menuItem.onClick();
+                      }}
+                    >
+                      {menuItem.name}
+                    </MenuItem>
+                  );
+                }
 
-                  if (menuItem.divide) {
-                    return (
-                      <span key={index}>
-                        <Divider />
+                if (menuItem.divide) {
+                  return (
+                    <span key={index}>
+                      <Divider />
 
-                        {component}
-                      </span>
-                    );
-                  }
+                      {component}
+                    </span>
+                  );
+                }
 
-                  return component;
-                })}
-              </Menu>
-            </>
-          )}
+                return component;
+              })}
+            </Menu>
+          </>
+        )}
         {!loggedIn && LogIn()}
       </Toolbar>
     </AppBar>
diff --git a/frontend/src/components/HomeLoggedIn/HomeLoggedIn.jsx b/frontend/src/components/HomeLoggedIn/HomeLoggedIn.jsx
index ff45f76..2dbc1bd 100644
--- a/frontend/src/components/HomeLoggedIn/HomeLoggedIn.jsx
+++ b/frontend/src/components/HomeLoggedIn/HomeLoggedIn.jsx
@@ -1,5 +1,7 @@
 import { useState, useEffect } from "react";
 import { useHistory } from "react-router-dom";
+import { useLocalStorage } from "react-use";
+import axios from "axios";
 
 import { Divider, Button, Grid, Typography, Box } from "@material-ui/core";
 import useStyles from "./HomeLoggedIn.styles";
@@ -11,10 +13,22 @@ import { generateNetworkConfig } from "utils/NetworkConfig";
 
 function HomeLoggedIn() {
   const [networks, setNetworks] = useState([]);
+  const [, setLoggedIn] = useLocalStorage("loggedIn", false);
+  const [, setDisableAuth] = useLocalStorage("disableAuth", false);
+  const [token, setToken] = useLocalStorage("token", null);
 
   const classes = useStyles();
   const history = useHistory();
 
+  axios.get("/auth/login").then(function (response) {
+    if (response.data.enabled) {
+      setDisableAuth(false);
+      if (!token || token.length === 0) {
+        setLoggedIn(false);
+      }
+    }
+  });
+
   const createNetwork = async () => {
     const network = await API.post("network", generateNetworkConfig());
     console.log(network);

From 6725a57237a1d2f876f01e87dd179f939be1e5bb Mon Sep 17 00:00:00 2001
From: 9p4 <17993169+9p4@users.noreply.github.com>
Date: Sat, 18 Jun 2022 11:05:57 +0530
Subject: [PATCH 5/7] Remove redundant disabled auth checks

---
 .../src/components/HomeLoggedIn/HomeLoggedIn.jsx   | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/frontend/src/components/HomeLoggedIn/HomeLoggedIn.jsx b/frontend/src/components/HomeLoggedIn/HomeLoggedIn.jsx
index 2dbc1bd..ff45f76 100644
--- a/frontend/src/components/HomeLoggedIn/HomeLoggedIn.jsx
+++ b/frontend/src/components/HomeLoggedIn/HomeLoggedIn.jsx
@@ -1,7 +1,5 @@
 import { useState, useEffect } from "react";
 import { useHistory } from "react-router-dom";
-import { useLocalStorage } from "react-use";
-import axios from "axios";
 
 import { Divider, Button, Grid, Typography, Box } from "@material-ui/core";
 import useStyles from "./HomeLoggedIn.styles";
@@ -13,22 +11,10 @@ import { generateNetworkConfig } from "utils/NetworkConfig";
 
 function HomeLoggedIn() {
   const [networks, setNetworks] = useState([]);
-  const [, setLoggedIn] = useLocalStorage("loggedIn", false);
-  const [, setDisableAuth] = useLocalStorage("disableAuth", false);
-  const [token, setToken] = useLocalStorage("token", null);
 
   const classes = useStyles();
   const history = useHistory();
 
-  axios.get("/auth/login").then(function (response) {
-    if (response.data.enabled) {
-      setDisableAuth(false);
-      if (!token || token.length === 0) {
-        setLoggedIn(false);
-      }
-    }
-  });
-
   const createNetwork = async () => {
     const network = await API.post("network", generateNetworkConfig());
     console.log(network);

From b8026818fe942ad611993e868394b069559bc740 Mon Sep 17 00:00:00 2001
From: 9p4 <17993169+9p4@users.noreply.github.com>
Date: Sat, 18 Jun 2022 11:08:54 +0530
Subject: [PATCH 6/7] Add localStorage disclaimer

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 31719c4..1e31667 100755
--- a/README.md
+++ b/README.md
@@ -153,7 +153,7 @@ Advanced manual setups are also supported. Check the following environment varia
 | ZU_DEFAULT_USERNAME | unset (`docker-compose.yml`: admin) | Default username that will be set on the first run |
 | ZU_DEFAULT_PASSWORD | unset (`docker-compose.yml`: zero-ui) | Default password that will be set on the first run |
 | ZU_DATAPATH | `data/db.json` | ZeroUI data storage path |
-| ZU_DISABLE_AUTH | unset | If set to true, automatically log in all users. This is useful if ZeroUI is protected by an authentication proxy |
+| ZU_DISABLE_AUTH | unset | If set to true, automatically log in all users. This is useful if ZeroUI is protected by an authentication proxy. Note that when this value is changed, the localStorage of instances of logged-in panels should be cleared |
 
 ZeroUI could be deployed as a regular nodejs web application, but it requires ZeroTier controller that is installed with `zerotier-one` package. More info about the network controller you could read [here](https://github.com/zerotier/ZeroTierOne/tree/master/controller/#readme).
 

From 74a36ad3efa3fffad2849c9375f4a621b9c6851a Mon Sep 17 00:00:00 2001
From: 9p4 <17993169+9p4@users.noreply.github.com>
Date: Sat, 18 Jun 2022 11:10:48 +0530
Subject: [PATCH 7/7] Remove old comment

---
 frontend/src/components/Bar/Bar.jsx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/frontend/src/components/Bar/Bar.jsx b/frontend/src/components/Bar/Bar.jsx
index fe075cd..7f24969 100644
--- a/frontend/src/components/Bar/Bar.jsx
+++ b/frontend/src/components/Bar/Bar.jsx
@@ -77,7 +77,6 @@ function Bar() {
             </Link>
           </Typography>
         </Box>
-        {/* The filter removes all elements that are "true" or "false" */}
         {loggedIn && menuItems.length > 0 && (
           <>
             <Button color="inherit" onClick={openMenu}>