dullage / flatnotes

A self-hosted, database-less note taking web app that utilises a flat folder of markdown files for storage.
MIT License

Add option to disable authentication #15

Closed poblabs closed 2 years ago

poblabs commented 2 years ago

Hi again, last question. Is it possible to disable auth? Thanks again!

dullage commented 2 years ago

@poblabs - Not at present. The best you can do is extend the FLATNOTES_SESSION_EXPIRY_DAYS environment variable to something like 365 then at least you'd only need to log in once a year (or when accessing it on a new machine).

I'll leave this open as a suggestion and maybe I can add this as an option in the future.

hbjydev commented 2 years ago

@Dullage This would be cool for making a searchable public zettelkasten repo tbh

poblabs commented 2 years ago

A hack I've found to disable authentication is to just reply true to the token validation request. In auth.py I did this:

```python
async def validate_token(token: str = Depends(oauth2_scheme)):
    return True
    # try:
    #     payload = jwt.decode(token, JWT_SECRET_KEY, algorithms=[JWT_ALGORITHM])
    #     username = payload.get("sub")
    #     if username is None or username.lower() != FLATNOTES_USERNAME.lower():
    #         raise ValueError
    #     return FLATNOTES_USERNAME
    # except (JWTError, ValueError):
    #     raise HTTPException(
    #         status_code=401,
    #         detail="Invalid authentication credentials",
    #         headers={"WWW-Authenticate": "Bearer"},
    #     )
```

dullage commented 2 years ago

As of v2.1.0 you can now disable authentication by setting the FLATNOTES_AUTH_TYPE to none. See the Environment Variables article in the wiki for more information.
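An added example, not code from this thread or from flatnotes: a standard-library sketch of the difference between patching `validate_token` to always succeed and gating it on an explicit setting, so that only the literal value `none` skips the check and a typo or forged token is still rejected. The `password` mode name, its use as the default, the secret and the username are assumptions made for the example, and the HS256 check is hand-rolled here in place of the JWT library the snippet above uses.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-example-secret"  # constructed, not a flatnotes value
USERNAME = "admin"                      # constructed

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def make_token(sub: str, exp: float) -> str:
    """Build an HS256 JWT; used here only to construct sample input."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "exp": exp}).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{_b64(_sign(signing_input))}"

def validate_token(token, auth_type):
    """Return the username, or None if auth is explicitly off; else raise."""
    mode = (auth_type or "password").strip().lower()  # assumed default
    if mode == "none":
        return None                     # deliberate, visible opt-out
    if mode != "password":              # typo or unknown value: fail closed
        raise PermissionError(f"unsupported auth type: {mode!r}")
    try:
        head, body, sig = (token or "").split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        if not hmac.compare_digest(_sign(f"{head}.{body}"), _unb64(sig)):
            raise ValueError("bad signature")
        payload = json.loads(_unb64(body))
        if payload["exp"] < time.time():
            raise ValueError("expired")
        if payload["sub"].lower() != USERNAME.lower():
            raise ValueError("wrong subject")
    except (ValueError, KeyError, TypeError, AttributeError):
        raise PermissionError("Invalid authentication credentials") from None
    return USERNAME
```

With the check kept in place, an instance that has authentication turned off is identifiable from its configuration rather than from a diff of `auth.py`.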