diff --git a/README.md b/README.md index 9f4131f..f4adccb 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,6 @@ export db_url= # Default: './urls.sqlite' java -jar build/libs/url.jar ``` You can optionally set the port the server listens on by appending `--port=[port]` - ### 4. Navigate to `http://localhost:4567` in your browser, add links as you wish. ## Running with docker @@ -109,5 +108,19 @@ There is a sample `docker-compose.yml` file in this repository. It contains everything needed for a basic install. You can use it as a base, modifying it as needed. Run it with ``` -docker-compose up -d --build +docker-compose up -d ``` + +## Disable authentication +As requested in #5, it is possible to completely disable the authentication. +This if not recommended, as it will allow anyone to create new links and delete +old ones. This might not seem like a bad idea, until you have hundreds of links +pointing to illegal content. Since there are no logs, it's impossible to prove +that those links aren't created by you. + +If you still want to do it, then you need to set an environment variable to +an exact value: +``` +INSECURE_DISABLE_PASSWORD=I_KNOW_ITS_BAD +``` +Any other value will not work. diff --git a/src/main/java/tk/draganczuk/url/App.java b/src/main/java/tk/draganczuk/url/App.java index 332263f..6685f89 100644 --- a/src/main/java/tk/draganczuk/url/App.java +++ b/src/main/java/tk/draganczuk/url/App.java @@ -21,7 +21,7 @@ public class App { after(Filters::addGZIP); // No need to auth in dev - if (System.getenv("dev") == null) { + if (System.getenv("dev") == null && Utils.isPasswordEnabled()) { // Authenticate before("/api/*", Filters.createAuthFilter()); } diff --git a/src/main/java/tk/draganczuk/url/Utils.java b/src/main/java/tk/draganczuk/url/Utils.java index 174a7b5..14e71d4 100644 --- a/src/main/java/tk/draganczuk/url/Utils.java +++ b/src/main/java/tk/draganczuk/url/Utils.java @@ -27,4 +27,14 @@ public class Utils { return PATTERN.matcher(shortUrl) .matches(); } + + public static boolean isPasswordEnabled(){ + String disablePasswordEnv = System.getenv("INSECURE_DISABLE_PASSWORD"); + + if(disablePasswordEnv != null && disablePasswordEnv.equals("I_KNOW_ITS_BAD")){ + return false; + } + + return true; + } }