Skip to content

feat: make API key authentication optional#2

Merged
Natxo09 merged 3 commits into
mainfrom
feat/optional-api-key-auth
Jun 12, 2026
Merged

feat: make API key authentication optional#2
Natxo09 merged 3 commits into
mainfrom
feat/optional-api-key-auth

Conversation

@Natxo09

@Natxo09 Natxo09 commented Jun 12, 2026

Copy link
Copy Markdown
Owner

Closes #1

Adds an auth.enabled config flag (default true) so the built-in API key check can be disabled, for setups that delegate authentication to a reverse proxy (HTTP basic auth, OIDC/forward-auth, etc.) — as requested in #1.

Behavior

  • auth.enabled: false disables all authentication, including the admin endpoints — the reverse proxy becomes the only trust boundary.
  • Logs a prominent startup warning when disabled; louder if bindAddress is not loopback.
  • Read live: toggle it from the dashboard (Settings → Require API Key), no restart needed.
  • Backward compatible: existing configs default to enabled.

Also in this PR

  • Dashboard: project logo in the sidebar header and as the favicon.
  • Docs updated (README, MODRINTH_README, OpenAPI description).
  • Version bump 1.1.0 → 1.2.0.

Testing

  • ./gradlew build green.
  • Verified on runServer: 401 without key / 200 with key when enabled; live toggle → 200 without key (incl. /api/admin/keys) when disabled; re-enabling restores 401; the flag persists to config/mcrestapi.json.

Natxo09 added 3 commits June 12, 2026 11:17
@Natxo09
feat: make API key authentication optional via auth.enabled
5c42fd2 
Add an `auth.enabled` config flag (default true) so the built-in API key
check can be disabled for setups that delegate authentication to a reverse
proxy (HTTP basic auth, OIDC/forward-auth, etc.).

When disabled, both the regular and admin auth layers pass through, so all
endpoints are open and the reverse proxy becomes the trust boundary. The
server logs a prominent startup warning, louder when not bound to a loopback
address. The flag is read live, so it can be toggled from the dashboard
(Settings -> Require API Key) without a restart.

Closes #1
@Natxo09
feat(dashboard): use logo image in sidebar and favicon
0fd3152 
Replace the green status dot in the sidebar header with the project logo
(rounded chip) and swap the dashboard favicon for the same artwork,
downscaled to 256x256.
@Natxo09
chore: release 1.2.0
33243ec
@Natxo09 Natxo09 merged commit 7469d2b into main Jun 12, 2026
2 checks passed
@Natxo09 Natxo09 deleted the feat/optional-api-key-auth branch June 12, 2026 09:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

make api key optional?

1 participant

@Natxo09