From 7fb22d41a0359ce3561de6c086c1934dc45be19a Mon Sep 17 00:00:00 2001
From: zadam
Date: Sat, 29 Aug 2020 00:11:50 +0200
Subject: [PATCH] allow disabling authentication for server version, closes #1132
---
 config-sample.ini | 3 +++
 src/services/auth.js | 9 ++++++---
 src/services/ws.js | 5 ++++-
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/config-sample.ini b/config-sample.ini
index 20c747197..8393c8725 100644
--- a/config-sample.ini
+++ b/config-sample.ini
@@ -2,6 +2,9 @@
 # Instance name can be used to distinguish between different instances
 instanceName=
+# set to true to allow using Trilium without authentication (makes sense for server build only, desktop build doesn't need password)
+noAuthentication=false
+
 # Disable automatically generating desktop icon
 # noDesktopIcon=true
diff --git a/src/services/auth.js b/src/services/auth.js
index 0641520c8..08fd0457a 100644
--- a/src/services/auth.js
+++ b/src/services/auth.js
@@ -6,12 +6,15 @@ const sqlInit = require('./sql_init');
 const utils = require('./utils');
 const passwordEncryptionService = require('./password_encryption');
 const optionService = require('./options');
+const config = require('./config');
+
+const noAuthentication = config.General && config.General.noAuthentication === true;
 function checkAuth(req, res, next) {
 if (!sqlInit.isDbInitialized()) {
 res.redirect("setup");
 }
- else if (!req.session.loggedIn && !utils.isElectron()) {
+ else if (!req.session.loggedIn && !utils.isElectron() && !noAuthentication) {
 res.redirect("login");
 }
 else {
@@ -22,7 +25,7 @@ function checkAuth(req, res, next) {
 // for electron things which need network stuff
 // currently we're doing that for file upload because handling form data seems to be difficult
 function checkApiAuthOrElectron(req, res, next) {
- if (!req.session.loggedIn && !utils.isElectron()) {
+ if (!req.session.loggedIn && !utils.isElectron() && !noAuthentication) {
 reject(req, res, "Not authorized");
 }
 else {
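Review bot: The comment added above `noAuthentication=false` in config-sample.ini does not say what enabling the option exposes. With it set to true, the login and API checks in src/services/auth.js and the WebSocket check in src/services/ws.js are all skipped, so every client that can reach the listening port gets full access to the notes. I would state that consequence and its precondition in the sample, for example `# WARNING: when true, anyone who can reach the server's port can read and modify all notes; enable only behind a reverse proxy or network control that authenticates users`. Keeping the shipped default at false is right.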
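Review bot: Nothing is logged when `noAuthentication` evaluates to true at module load in src/services/auth.js, so checkAuth in the first hunk, checkApiAuthOrElectron in the second and checkApiAuth in the third stop enforcing the session check without leaving a trace an operator or auditor could see. A one-time startup warning would make the state visible, e.g. `if (noAuthentication) { log.info("Authentication is disabled by config (noAuthentication=true); HTTP and API requests are accepted without login"); }`. This needs the log service that ws.js obtains via `require('./log')`; the top of auth.js is outside the hunk, so whether it is already required there cannot be seen. The `=== true` comparison is a good fail-closed choice, but it presumably relies on the config loader turning the ini value into a boolean, which is worth confirming in ./config. The bodies of all three functions continue outside their hunks.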
@@ -31,7 +34,7 @@ function checkApiAuthOrElectron(req, res, next) {
 }
 function checkApiAuth(req, res, next) {
- if (!req.session.loggedIn) {
+ if (!req.session.loggedIn && !noAuthentication) {
 reject(req, res, "Not authorized");
 }
 else {
diff --git a/src/services/ws.js b/src/services/ws.js
index 83a22a319..400932d31 100644
--- a/src/services/ws.js
+++ b/src/services/ws.js
@@ -3,6 +3,7 @@ const utils = require('./utils');
 const log = require('./log');
 const sql = require('./sql');
 const cls = require('./cls');
+const config = require('./config');
 const syncMutexService = require('./sync_mutex');
 const protectedSessionService = require('./protected_session');
@@ -12,7 +13,9 @@ function init(httpServer, sessionParser) {
 webSocketServer = new WebSocket.Server({
 verifyClient: (info, done) => {
 sessionParser(info.req, {}, () => {
- const allowed = utils.isElectron() || info.req.session.loggedIn;
+ const allowed = utils.isElectron()
+ || info.req.session.loggedIn
+ || (config.General && config.General.noAuthentication);
 if (!allowed) {
 log.error("WebSocket connection not allowed because session is neither electron nor logged in.");
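Review bot: The third operand of `allowed` in verifyClient tests `config.General.noAuthentication` for truthiness, while src/services/auth.js in this same commit requires `=== true`, so the two paths can disagree. If the value ever reaches this code as a non-empty string (a constructed example: the text "false"), the WebSocket handshake would be accepted unauthenticated while the HTTP checks still demand a login. Use the same strict form here, `|| (config.General && config.General.noAuthentication === true);`, or export the flag once from auth.js and reuse it so the checks cannot drift apart. init's body starts and ends outside the hunk.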