feat: make the password optional (#128)

* feat: make the password optional

* fix: put the check outside HashPassword

* refactor: change PasswordHash to a pointer type for better checking

.env.example

@@ -6,7 +6,7 @@
 HOST="0.0.0.0"
 PORT=8080
 
-# WebUI password
+# WebUI password. Leave it an empty string to disable password protection.
 PASSWORD="fusion"
 
 # Path to store sqlite DB file

README.md

@@ -24,7 +24,7 @@ Key features include:
 ```shell
 docker run -it -d -p 8080:8080 \
   -v $(pwd)/fusion:/data \
-  -e PASSWORD="rss123456" \
+  -e PASSWORD="fusion" \
   rook1e404/fusion:latest
 ```
 
@@ -38,7 +38,7 @@ services:
     ports:
       - '127.0.0.1:8080:8080'
     environment:
-      - PASSWORD=rss123456
+      - PASSWORD=fusion
     restart: "unless-stopped"
     volumes:
       # Change `./data` to where you want the files stored

api/api.go

@@ -27,7 +27,7 @@ import (
 type Params struct {
 	Host            string
 	Port            int
-	PasswordHash    auth.HashedPassword
+	PasswordHash    *auth.HashedPassword
 	UseSecureCookie bool
 	TLSCert         string
 	TLSKey          string
@@ -71,7 +71,9 @@ func Run(params Params) {
 	r.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
 		Timeout: 30 * time.Second,
 	}))
-	r.Use(session.Middleware(sessions.NewCookieStore(params.PasswordHash.Bytes())))
+	if params.PasswordHash != nil {
+		r.Use(session.Middleware(sessions.NewCookieStore(params.PasswordHash.Bytes())))
+	}
 	r.Pre(middleware.RemoveTrailingSlash())
 	r.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
@@ -88,22 +90,26 @@ func Run(params Params) {
 		Browse:     false,
 	}))
 
-	loginAPI := Session{
+	authed := r.Group("/api")
-		PasswordHash:    params.PasswordHash,
-		UseSecureCookie: params.UseSecureCookie,
-	}
-	r.POST("/api/sessions", loginAPI.Create)
 
-	authed := r.Group("/api", func(next echo.HandlerFunc) echo.HandlerFunc {
+	if params.PasswordHash != nil {
-		return func(c echo.Context) error {
+		loginAPI := Session{
-			if err := loginAPI.Check(c); err != nil {
+			PasswordHash:    *params.PasswordHash,
-				return echo.NewHTTPError(http.StatusUnauthorized)
+			UseSecureCookie: params.UseSecureCookie,
-			}
-			return next(c)
 		}
-	})
+		r.POST("/api/sessions", loginAPI.Create)
 
-	authed.DELETE("/sessions", loginAPI.Delete)
+		authed.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
+			return func(c echo.Context) error {
+				if err := loginAPI.Check(c); err != nil {
+					return echo.NewHTTPError(http.StatusUnauthorized)
+				}
+				return next(c)
+			}
+		})
+
+		authed.DELETE("/sessions", loginAPI.Delete)
+	}
 
 	feeds := authed.Group("/feeds")
 	feedAPIHandler := newFeedAPI(server.NewFeed(repo.NewFeed(repo.DB)))

conf/conf.go

@@ -20,7 +20,7 @@ const (
 type Conf struct {
 	Host         string
 	Port         int
-	PasswordHash auth.HashedPassword
+	PasswordHash *auth.HashedPassword
 	DB           string
 	SecureCookie bool
 	TLSCert      string
@@ -52,9 +52,13 @@ func Load() (Conf, error) {
 		fmt.Println(conf)
 	}
 
-	pwHash, err := auth.HashPassword(conf.Password)
+	var pwHash *auth.HashedPassword
-	if err != nil {
+	if conf.Password != "" {
-		return Conf{}, err
+		hash, err := auth.HashPassword(conf.Password)
+		if err != nil {
+			return Conf{}, err
+		}
+		pwHash = &hash
 	}
 
 	if (conf.TLSCert == "") != (conf.TLSKey == "") {