about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--streaming/index.js20
1 files changed, 13 insertions, 7 deletions
diff --git a/streaming/index.js b/streaming/index.js
index 94568ee9a..851dc72ea 100644
--- a/streaming/index.js
+++ b/streaming/index.js
@@ -16,6 +16,7 @@ const WebSocket = require('ws');
 const { JSDOM } = require('jsdom');
 
 const env = process.env.NODE_ENV || 'development';
+const alwaysRequireAuth = process.env.LIMITED_FEDERATION_MODE === 'true' || process.env.WHITELIST_MODE === 'true' || process.env.AUTHORIZED_FETCH === 'true';
 
 dotenv.config({
   path: env === 'production' ? '.env.production' : '.env',
@@ -346,17 +347,22 @@ const startWorker = async (workerId) => {
    * @param {boolean=} required
    * @return {Promise.<void>}
    */
-  const accountFromRequest = (req) => new Promise((resolve, reject) => {
+  const accountFromRequest = (req, required = true) => new Promise((resolve, reject) => {
     const authorization = req.headers.authorization;
     const location      = url.parse(req.url, true);
     const accessToken   = location.query.access_token || req.headers['sec-websocket-protocol'];
 
     if (!authorization && !accessToken) {
-      const err = new Error('Missing access token');
-      err.status = 401;
+      if (required) {
+        const err = new Error('Missing access token');
+        err.status = 401;
 
-      reject(err);
-      return;
+        reject(err);
+        return;
+      } else {
+        resolve();
+        return;
+      }
     }
 
     const token = authorization ? authorization.replace(/^Bearer /, '') : accessToken;
@@ -460,7 +466,7 @@ const startWorker = async (workerId) => {
     // variables. OAuth scope checks are moved to the point of subscription
     // to a specific stream.
 
-    accountFromRequest(info.req).then(() => {
+    accountFromRequest(info.req, alwaysRequireAuth).then(() => {
       callback(true, undefined, undefined);
     }).catch(err => {
       log.error(info.req.requestId, err.toString());
@@ -534,7 +540,7 @@ const startWorker = async (workerId) => {
       return;
     }
 
-    accountFromRequest(req).then(() => checkScopes(req, channelNameFromPath(req))).then(() => {
+    accountFromRequest(req, alwaysRequireAuth).then(() => checkScopes(req, channelNameFromPath(req))).then(() => {
       subscribeHttpToSystemChannel(req, res);
     }).then(() => {
       next();
generated by cgit-pink (git 2.37.1) at 2025-06-19 16:30:09 +0000