From d02214a610884c6c28c79cffb65a9f2be2f3814a Mon Sep 17 00:00:00 2001
From: Yunkon Kim <hermitkim1@gmail.com>
Date: Wed, 15 Nov 2023 22:37:08 +0900
Subject: [PATCH] Add option to skip BasicAuth

---
 Dockerfile                    | 2 ++
 conf/setup.env                | 2 ++
 src/api/rest/server/server.go | 6 ++++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4ca9010e9..04c9ad53e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -56,6 +56,8 @@ ENV DB_PASSWORD cb_tumblebug
 # API Setting
 # ALLOW_ORIGINS (ex: https://cloud-barista.org,xxx.xxx.xxx.xxx or * for all)
 ENV ALLOW_ORIGINS *
+## Set SKIP_BASIC_AUTH=true to skip basic auth for all routes (i.e., url or path)
+ENV SKIP_BASIC_AUTH false
 ENV API_USERNAME default
 ENV API_PASSWORD default
 
diff --git a/conf/setup.env b/conf/setup.env
index 4c52d2061..a0c989889 100644
--- a/conf/setup.env
+++ b/conf/setup.env
@@ -9,6 +9,8 @@ export API_USERNAME=default
 export API_PASSWORD=default
 ## ALLOW_ORIGINS (ex: https://cloud-barista.org,http://localhost:8080 or * for all)
 export ALLOW_ORIGINS=*
+## Set SKIP_BASIC_AUTH=true to skip basic auth for all routes (i.e., url or path)
+export SKIP_BASIC_AUTH=false
 ## Set SELF_ENDPOINT, to access Swagger API dashboard outside (Ex: export SELF_ENDPOINT=x.x.x.x:1323)
 export SELF_ENDPOINT=localhost:1323
 
diff --git a/src/api/rest/server/server.go b/src/api/rest/server/server.go
index 2797b0186..370a028b0 100644
--- a/src/api/rest/server/server.go
+++ b/src/api/rest/server/server.go
@@ -18,7 +18,6 @@ import (
 	"context"
 	"log"
 	"os/signal"
-	"strings"
 	"sync"
 	"syscall"
 	"time"
@@ -107,12 +106,15 @@ func RunServer(port string) {
 		AllowMethods: []string{http.MethodGet, http.MethodPut, http.MethodPost, http.MethodDelete},
 	}))
 
+	// Conditions to prevent abnormal operation due to typos (e.g., ture, falss, etc.)
+	skipBasicAuthOption := os.Getenv("SKIP_BASIC_AUTH") == "true"
+
 	apiUser := os.Getenv("API_USERNAME")
 	apiPass := os.Getenv("API_PASSWORD")
 
 	e.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
 		Skipper: func(c echo.Context) bool {
-			if strings.HasPrefix(c.Request().Host, "localhost") ||
+			if skipBasicAuthOption ||
 				c.Path() == "/tumblebug/health" ||
 				c.Path() == "/tumblebug/httpVersion" {
 				// c.Path() == "/tumblebug/swagger/*" {