Merge pull request #82 from 9p4/disable-auth-properly

fix: disable authentication properly

README.md

@@ -153,7 +153,7 @@ Advanced manual setups are also supported. Check the following environment varia
 | ZU_DEFAULT_USERNAME | unset (`docker-compose.yml`: admin) | Default username that will be set on the first run |
 | ZU_DEFAULT_PASSWORD | unset (`docker-compose.yml`: zero-ui) | Default password that will be set on the first run |
 | ZU_DATAPATH | `data/db.json` | ZeroUI data storage path |
-| ZU_DISABLE_AUTH | unset | If set to true, automatically log in all users. This is useful if ZeroUI is protected by an authentication proxy |
+| ZU_DISABLE_AUTH | unset | If set to true, automatically log in all users. This is useful if ZeroUI is protected by an authentication proxy. Note that when this value is changed, the localStorage of instances of logged-in panels should be cleared |
 
 ZeroUI could be deployed as a regular nodejs web application, but it requires ZeroTier controller that is installed with `zerotier-one` package. More info about the network controller you could read [here](https://github.com/zerotier/ZeroTierOne/tree/master/controller/#readme).
 

backend/app.js

@@ -18,11 +18,13 @@ const app = express();
 app.use(logger("dev"));
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
-app.use(
+if (process.env.ZU_DISABLE_AUTH !== "true") {
-  bearerToken({
+  app.use(
-    headerKey: "Bearer",
+    bearerToken({
-  })
+      headerKey: "Bearer",
-);
+    })
+  );
+}
 
 if (
   process.env.NODE_ENV === "production" &&

frontend/src/components/Bar/Bar.jsx

@@ -21,6 +21,7 @@ import LogIn from "components/LogIn";
 
 function Bar() {
   const [loggedIn, setLoggedIn] = useLocalStorage("loggedIn", false);
+  const [disabledAuth] = useLocalStorage("disableAuth", false);
   const [anchorEl, setAnchorEl] = useState(null);
 
   const history = useHistory();
@@ -46,11 +47,15 @@ function Bar() {
     //   name: "Settings",
     //   to: "/settings",
     // },
-    {
+    ...(!disabledAuth
-      name: "Log out",
+      ? [
-      divide: true,
+          {
-      onClick: onLogOutClick,
+            name: "Log out",
-    },
+            divide: true,
+            onClick: onLogOutClick,
+          },
+        ]
+      : []),
   ];
 
   return (
@@ -72,8 +77,7 @@ function Bar() {
             </Link>
           </Typography>
         </Box>
-
+        {loggedIn && menuItems.length > 0 && (
-        {loggedIn && (
           <>
             <Button color="inherit" onClick={openMenu}>
               <MenuIcon></MenuIcon>

frontend/src/components/HomeLoggedOut/HomeLoggedOut.jsx

@@ -6,12 +6,16 @@ import { useHistory } from "react-router-dom";
 function HomeLoggedOut() {
   const [, setLoggedIn] = useLocalStorage("loggedIn", false);
   const [, setToken] = useLocalStorage("token", null);
+  const [, setDisableAuth] = useLocalStorage("disableAuth", false);
   const history = useHistory();
   axios.get("/auth/login").then(function (response) {
     if (!response.data.enabled) {
       setLoggedIn(true);
+      setDisableAuth(true);
       setToken("");
       history.go(0);
+    } else {
+      setDisableAuth(false);
     }
   });
   return (

frontend/src/utils/API.js

@@ -5,7 +5,10 @@ const baseURL = "/api/";
 export default axios.create({
   baseURL: baseURL,
   responseType: "json",
-  headers: {
+  headers:
-    Authorization: `Bearer ${JSON.parse(localStorage.getItem("token"))}`,
+    localStorage.getItem("disableAuth") === "true"
-  },
+      ? {}
+      : {
+          Authorization: `Bearer ${JSON.parse(localStorage.getItem("token"))}`,
+        },
 });