sjg/trx-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[fix](trx-frontend-http): grant full access by default when auth is disabled

Browse Source 
When HTTP authentication is disabled (the default), the /auth/session
endpoint now returns { authenticated: true, role: "control" } instead
of 404. This allows the frontend to proceed without showing a login
gate, providing the expected out-of-the-box experience.

With this change:
- Default behavior: no login required, full control access
- Auth enabled: login gate shown, roles enforced per config

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Stanislaw Grams <stanislawgrams@gmail.com>
This commit is contained in:
Stan Grams
2026-02-13 08:26:20 +01:00
parent a1c0755ccc
commit 4e43b5b533
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs
+5 -1
View File
@@ -351,8 +351,12 @@ pub async fn session_status(
req: HttpRequest, req: HttpRequest,
auth_state: web::Data<AuthState>, auth_state: web::Data<AuthState>,
) -> Result<impl Responder, Error> { ) -> Result<impl Responder, Error> {
// If auth is disabled, grant full control access without requiring login
if !auth_state.config.enabled { if !auth_state.config.enabled {
return Ok(HttpResponse::NotFound().finish()); return Ok(HttpResponse::Ok().json(SessionStatus {
authenticated: true,
role: Some("control".to_string()),
}));
} }
let session_id = extract_session_id(&req); let session_id = extract_session_id(&req);