feat(authentication): add a --no-auth flag to disable authentication (#553)

2025-07-21 22:39:41 +02:00 · 2017-02-01 22:13:48 +13:00 · 2017-02-01 22:13:48 +13:00 · 10f7744a62
commit 10f7744a62
parent 779fcf8e7f
16 changed files with 203 additions and 191 deletions
--- a/api/http/middleware.go
+++ b/api/http/middleware.go
@ -9,7 +9,8 @@ import (

 // Service represents a service to manage HTTP middlewares
 type middleWareService struct {
-	jwtService portainer.JWTService
+	jwtService   portainer.JWTService
+	authDisabled bool
 }

 func addMiddleware(h http.Handler, middleware ...func(http.Handler) http.Handler) http.Handler {
@ -37,24 +38,26 @@ func (*middleWareService) middleWareSecureHeaders(next http.Handler) http.Handle
 // middleWareAuthenticate provides Authentication middleware for handlers
 func (service *middleWareService) middleWareAuthenticate(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		var token string
+		if !service.authDisabled {
+			var token string

-		// Get token from the Authorization header
-		tokens, ok := r.Header["Authorization"]
-		if ok && len(tokens) >= 1 {
-			token = tokens[0]
-			token = strings.TrimPrefix(token, "Bearer ")
-		}
+			// Get token from the Authorization header
+			tokens, ok := r.Header["Authorization"]
+			if ok && len(tokens) >= 1 {
+				token = tokens[0]
+				token = strings.TrimPrefix(token, "Bearer ")
+			}

-		if token == "" {
-			Error(w, portainer.ErrUnauthorized, http.StatusUnauthorized, nil)
-			return
-		}
+			if token == "" {
+				Error(w, portainer.ErrUnauthorized, http.StatusUnauthorized, nil)
+				return
+			}

-		err := service.jwtService.VerifyToken(token)
-		if err != nil {
-			Error(w, err, http.StatusUnauthorized, nil)
-			return
+			err := service.jwtService.VerifyToken(token)
+			if err != nil {
+				Error(w, err, http.StatusUnauthorized, nil)
+				return
+			}
 		}

 		next.ServeHTTP(w, r)