From a26e3fb98fd604c507d368c808e6846276005c04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Przemek=20Draga=C5=84czuk?=
Date: Sat, 19 Sep 2020 10:01:36 +0200
Subject: [PATCH] Closes #5 (#7)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Added an option to remove authentication
* Updated README to document disabling authentication
Co-authored-by: Przemek DragaƄczuk
---
 README.md | 17 +++++++++++++++--
 src/main/java/tk/draganczuk/url/App.java | 2 +-
 src/main/java/tk/draganczuk/url/Utils.java | 10 ++++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 9f4131f..f4adccb 100644
--- a/README.md
+++ b/README.md
@@ -77,7 +77,6 @@ export db_url= # Default: './urls.sqlite'
 java -jar build/libs/url.jar
 ```
 You can optionally set the port the server listens on by appending `--port=[port]`
- ### 4. Navigate to `http://localhost:4567` in your browser, add links as you wish.
 ## Running with docker
@@ -109,5 +108,19 @@ There is a sample `docker-compose.yml` file in this repository. It contains everything needed for a basic install. You can use it as a base, modifying it as needed. Run it with
 ```
-docker-compose up -d --build
+docker-compose up -d
 ```
+
+## Disable authentication
+As requested in #5, it is possible to completely disable the authentication.
+This if not recommended, as it will allow anyone to create new links and delete
+old ones. This might not seem like a bad idea, until you have hundreds of links
+pointing to illegal content. Since there are no logs, it's impossible to prove
+that those links aren't created by you.
+
+If you still want to do it, then you need to set an environment variable to
+an exact value:
+```
+INSECURE_DISABLE_PASSWORD=I_KNOW_ITS_BAD
+```
+Any other value will not work.
diff --git a/src/main/java/tk/draganczuk/url/App.java b/src/main/java/tk/draganczuk/url/App.java
index 332263f..6685f89 100644
--- a/src/main/java/tk/draganczuk/url/App.java
+++ b/src/main/java/tk/draganczuk/url/App.java
@@ -21,7 +21,7 @@ public class App {
 after(Filters::addGZIP);
 // No need to auth in dev
- if (System.getenv("dev") == null) {
+ if (System.getenv("dev") == null && Utils.isPasswordEnabled()) {
 // Authenticate
 before("/api/*", Filters.createAuthFilter());
 }
diff --git a/src/main/java/tk/draganczuk/url/Utils.java b/src/main/java/tk/draganczuk/url/Utils.java
index 174a7b5..14e71d4 100644
--- a/src/main/java/tk/draganczuk/url/Utils.java
+++ b/src/main/java/tk/draganczuk/url/Utils.java
@@ -27,4 +27,14 @@ public class Utils {
 return PATTERN.matcher(shortUrl)
 .matches();
 }
+
+ public static boolean isPasswordEnabled(){
+ String disablePasswordEnv = System.getenv("INSECURE_DISABLE_PASSWORD");
+
+ if(disablePasswordEnv != null && disablePasswordEnv.equals("I_KNOW_ITS_BAD")){
+ return false;
+ }
+
+ return true;
+ }
 }
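Review bot: When `Utils.isPasswordEnabled()` returns false in the App.java hunk, the `before("/api/*", Filters.createAuthFilter())` registration is skipped with no output at all, so a deployment that inherits `INSECURE_DISABLE_PASSWORD` from a compose file or shell profile exposes link creation and deletion to anyone, with nothing at startup to show it. I would add an else branch that emits one warning line, for example `} else { System.err.println("WARNING: authentication is disabled, /api/* is open to anyone"); }`, routed through the project's logger if it has one (none is visible in this hunk). The comment `// No need to auth in dev` above the condition no longer covers both cases and could read `// Skip auth in dev, or when the operator explicitly opted out`. The enclosing method starts and ends outside the hunk.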
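Review bot: `isPasswordEnabled()` in the Utils.java hunk is the only switch that turns authentication off, yet it has no Javadoc, so its fail-closed contract is visible only by reading the body. I would document it with `/** Returns false only when INSECURE_DISABLE_PASSWORD is exactly "I_KNOW_ITS_BAD" (case-sensitive); unset or any other value keeps authentication on. */`. The body can then be reduced to `return !"I_KNOW_ITS_BAD".equals(System.getenv("INSECURE_DISABLE_PASSWORD"));`, which drops the explicit null check and gives the same result for every input.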