mirror of
https://codeberg.org/muon/home.git
synced 2026-07-03 23:49:35 +00:00
30 lines
1.1 KiB
Diff
30 lines
1.1 KiB
Diff
--- a/src/config.ts
|
|
+++ b/src/config.ts
|
|
@@ -137,15 +137,7 @@
|
|
|
|
raw.debug = normalizeDebugMode(raw.debug);
|
|
|
|
- // Auto-generate API key if none configured
|
|
- if (!raw["api-keys"] || raw["api-keys"].length === 0) {
|
|
- const key = generateApiKey();
|
|
- raw["api-keys"] = [key];
|
|
- fs.writeFileSync(filePath, yaml.dump(raw, { lineWidth: -1 }), {
|
|
- mode: 0o600,
|
|
- });
|
|
- console.log(`\nGenerated API key (saved to ${filePath}):\n\n ${key}\n`);
|
|
- }
|
|
+ // Empty api-keys = unauthenticated mode (safe when binding to localhost).
|
|
|
|
return { ...raw, "api-keys": new Set(raw["api-keys"]) };
|
|
}
|
|
--- a/src/server.ts
|
|
+++ b/src/server.ts
|
|
@@ -94,6 +94,8 @@
|
|
// API key auth middleware — accepts both OpenAI style (Authorization: Bearer)
|
|
// and Anthropic style (x-api-key), so Claude Code and OpenAI clients both work
|
|
const requireApiKey: express.RequestHandler = (req, res, next) => {
|
|
+ // No keys configured — unauthenticated mode (localhost-only).
|
|
+ if (config["api-keys"].size === 0) { next(); return; }
|
|
const key = extractApiKey(req.headers);
|
|
if (!key) {
|
|
res.status(401).json({ error: { message: "Missing API key" } });
|