feat: make the password optional (#128)

* feat: make the password optional * fix: put the check outside HashPassword * refactor: change PasswordHash to a pointer type for better checking
2025-06-07 21:17:07 +09:00 · 2025-04-05 20:14:31 +08:00 · 2025-04-05 20:14:31 +08:00 · dd0d2e7d7d
commit dd0d2e7d7d
parent 13da7d201a
4 changed files with 32 additions and 22 deletions
--- a/.env.example
+++ b/.env.example
@ -6,7 +6,7 @@
 HOST="0.0.0.0"
 PORT=8080

-# WebUI password
+# WebUI password. Leave it an empty string to disable password protection.
 PASSWORD="fusion"

 # Path to store sqlite DB file
--- a/README.md
+++ b/README.md
@ -24,7 +24,7 @@ Key features include:
 ```shell
 docker run -it -d -p 8080:8080 \
  -v $(pwd)/fusion:/data \
-  -e PASSWORD="rss123456" \
+  -e PASSWORD="fusion" \
  rook1e404/fusion:latest
 ```

@ -38,7 +38,7 @@ services:
    ports:
      - '127.0.0.1:8080:8080'
    environment:
-      - PASSWORD=rss123456
+      - PASSWORD=fusion
    restart: "unless-stopped"
    volumes:
      # Change `./data` to where you want the files stored
--- a/api/api.go
+++ b/api/api.go
@ -27,7 +27,7 @@ import (
 type Params struct {
 	Host            string
 	Port            int
-	PasswordHash    auth.HashedPassword
+	PasswordHash    *auth.HashedPassword
 	UseSecureCookie bool
 	TLSCert         string
 	TLSKey          string
@ -71,7 +71,9 @@ func Run(params Params) {
 	r.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
 		Timeout: 30 * time.Second,
 	}))
-	r.Use(session.Middleware(sessions.NewCookieStore(params.PasswordHash.Bytes())))
+	if params.PasswordHash != nil {
+		r.Use(session.Middleware(sessions.NewCookieStore(params.PasswordHash.Bytes())))
+	}
 	r.Pre(middleware.RemoveTrailingSlash())
 	r.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
@ -88,22 +90,26 @@ func Run(params Params) {
 		Browse:     false,
 	}))

-	loginAPI := Session{
-		PasswordHash:    params.PasswordHash,
-		UseSecureCookie: params.UseSecureCookie,
-	}
-	r.POST("/api/sessions", loginAPI.Create)
+	authed := r.Group("/api")

-	authed := r.Group("/api", func(next echo.HandlerFunc) echo.HandlerFunc {
-		return func(c echo.Context) error {
-			if err := loginAPI.Check(c); err != nil {
-				return echo.NewHTTPError(http.StatusUnauthorized)
-			}
-			return next(c)
+	if params.PasswordHash != nil {
+		loginAPI := Session{
+			PasswordHash:    *params.PasswordHash,
+			UseSecureCookie: params.UseSecureCookie,
 		}
-	})
+		r.POST("/api/sessions", loginAPI.Create)

-	authed.DELETE("/sessions", loginAPI.Delete)
+		authed.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
+			return func(c echo.Context) error {
+				if err := loginAPI.Check(c); err != nil {
+					return echo.NewHTTPError(http.StatusUnauthorized)
+				}
+				return next(c)
+			}
+		})
+
+		authed.DELETE("/sessions", loginAPI.Delete)
+	}

 	feeds := authed.Group("/feeds")
 	feedAPIHandler := newFeedAPI(server.NewFeed(repo.NewFeed(repo.DB)))
--- a/conf/conf.go
+++ b/conf/conf.go
@ -20,7 +20,7 @@ const (
 type Conf struct {
 	Host         string
 	Port         int
-	PasswordHash auth.HashedPassword
+	PasswordHash *auth.HashedPassword
 	DB           string
 	SecureCookie bool
 	TLSCert      string
@ -52,9 +52,13 @@ func Load() (Conf, error) {
 		fmt.Println(conf)
 	}

-	pwHash, err := auth.HashPassword(conf.Password)
-	if err != nil {
-		return Conf{}, err
+	var pwHash *auth.HashedPassword
+	if conf.Password != "" {
+		hash, err := auth.HashPassword(conf.Password)
+		if err != nil {
+			return Conf{}, err
+		}
+		pwHash = &hash
 	}

 	if (conf.TLSCert == "") != (conf.TLSKey == "") {