From 3c60ed68115322de3330d068439b47c1e2cf6fc7 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Tue, 8 Apr 2014 01:00:09 +0100
Subject: [PATCH] Add an config option to disable authentication in order to allow anybody to access the app. The login flow is not great because users have to login every time the server is restarted. dummy
---
 heimcontrol.js | 21 ++++++++++++---------
 routes/index.js | 12 ++++++++++++
 2 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/heimcontrol.js b/heimcontrol.js
index a2db55a..0df2c7a 100755
--- a/heimcontrol.js
+++ b/heimcontrol.js
@@ -139,6 +139,9 @@ requirejs([ 'http', 'connect', 'mongodb', 'path', 'express', 'node-conf', 'socke
 });
 // Routes
+ var isAuthorizedRoute = config.authentication == "false" ?
+ Routes.noAuthentication : Routes.isAuthorized;
+
 app.get('/register', Routes.showRegister);
 app.post('/register', Routes.doRegister);
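Review bot: The toggle in the first heimcontrol.js hunk only matches the string `"false"`, so a boolean `false` in the config leaves authentication on while the operator believes it is off, and when it does match nothing at startup says that every route is now open. Since this switch removes the only access check in front of the app, I would compare strictly, accept both forms and log the state: `var authDisabled = config.authentication === false || config.authentication === "false";` followed by `if (authDisabled) console.warn('authentication disabled by config: all routes are open');`. How node-conf types this value is not visible here, so confirm which form it actually delivers. The enclosing requirejs callback starts and ends outside the hunk.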
@@ -146,18 +149,18 @@ requirejs([ 'http', 'connect', 'mongodb', 'path', 'express', 'node-conf', 'socke
 app.post('/login', Routes.doLogin);
 app.post('/api/login', Routes.createAuthToken);
- app.get('/', Routes.isAuthorized, Routes.index);
+ app.get('/', isAuthorizedRoute, Routes.index);

- app.get('/settings', Routes.isAuthorized, Routes.settings);
- app.post('/settings/password', Routes.isAuthorized, Routes.changePassword);
- app.post('/settings/user/create', Routes.isAuthorized, Routes.createUser);
- app.get('/settings/user/delete/:email', Routes.isAuthorized, Routes.deleteUser);
- app.post('/settings/theme', Routes.isAuthorized, Routes.changeTheme);
+ app.get('/settings', isAuthorizedRoute, Routes.settings);
+ app.post('/settings/password', isAuthorizedRoute, Routes.changePassword);
+ app.post('/settings/user/create', isAuthorizedRoute, Routes.createUser);
+ app.get('/settings/user/delete/:email', isAuthorizedRoute, Routes.deleteUser);
+ app.post('/settings/theme', isAuthorizedRoute, Routes.changeTheme);

- app.all('/api/:plugin/:method?', Routes.isAuthorized, Routes.api, Routes.notFound);
+ app.all('/api/:plugin/:method?', isAuthorizedRoute, Routes.api, Routes.notFound);

- app.get('/settings/:plugin', Routes.isAuthorized, Routes.settings, Routes.notFound);
- app.post('/settings/:plugin', Routes.isAuthorized, Routes.saveSettings, Routes.notFound);
+ app.get('/settings/:plugin', isAuthorizedRoute, Routes.settings, Routes.notFound);
+ app.post('/settings/:plugin', isAuthorizedRoute, Routes.saveSettings, Routes.notFound);
 app.get('/logout', Routes.logout);
diff --git a/routes/index.js b/routes/index.js
index f2e7532..b3dedf3 100755
--- a/routes/index.js
+++ b/routes/index.js
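Review bot: In the second heimcontrol.js hunk the account-management routes (`/settings/password`, `/settings/user/create`, `/settings/user/delete/:email`) receive the same bypass as the dashboard, so with authentication disabled any client that can reach the port can create or delete users and change passwords, and those changes persist after the option is switched back on. I would keep those three behind the real check, e.g. `app.post('/settings/user/create', Routes.isAuthorized, Routes.createUser);`, and limit `isAuthorizedRoute` to the index, theme, plugin and API routes. The handler bodies are not part of this patch; if they read the logged-in user from the session, they presumably also need a guard for the no-session case.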
@@ -758,6 +758,18 @@ define([ 'crypto', 'cookie', 'fs' ], function(crypto, cookie, fs) {
 }
 };
+ /**
+ * Don't do any authorization check.
+ *
+ * @method noAuthentication
+ * @param {Object} req The request
+ * @param {Object} res The response
+ * @param {Object} next The next route
+ */
+ Controller.noAuthentication = function(req, res, next) {
+ next();
+ };
+
 var exports = Controller;
 return exports;
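Review bot: The doc comment on `noAuthentication` does not say when this middleware may be mounted, and it types `next` as `{Object}` although the body calls it as a function. I would state the contract in the description, e.g. `* Pass-through used only when authentication is disabled in the config; performs no session or user check.`, and change the tag to `@param {Function} next The next middleware`. Whether `isAuthorized` sets anything on `req` that later handlers rely on is not visible in this hunk; if it does, that difference belongs in the comment as well.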