Fix AUTH_PROVIDERS environment variable not being read#3
Open
laurigates wants to merge 1 commit intocclloyd:mainfrom
Open
Fix AUTH_PROVIDERS environment variable not being read#3laurigates wants to merge 1 commit intocclloyd:mainfrom
laurigates wants to merge 1 commit intocclloyd:mainfrom
Conversation
The AUTH_PROVIDERS configuration was incorrectly reading from process.env.LOGIN_DURATION instead of process.env.AUTH_PROVIDERS, causing authentication settings to be ignored. Additionally, empty strings are now properly filtered to allow disabling authentication by setting AUTH_PROVIDERS to an empty value. Fixes authentication bypass when AUTH_PROVIDERS is set to empty string. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR fixes a bug where the
AUTH_PROVIDERSconfiguration was incorrectly reading fromprocess.env.LOGIN_DURATIONinstead ofprocess.env.AUTH_PROVIDERS, causing authentication settings to be completely ignored.Changes
src/env.tsline 43 to read from the correct environment variable.filter((p) => p.trim())to properly handle empty strings, allowing authentication to be disabled by settingAUTH_PROVIDERSto an empty valueIssue
When
AUTH_PROVIDERSwas set in the environment (e.g.,AUTH_PROVIDERS: ''in docker-compose.yml), the value was ignored and the default'discord,oidc'was always used instead. This made it impossible to disable authentication as documented.Testing
Tested with
AUTH_PROVIDERS: ''in docker-compose.yml - authentication is now properly disabled and the API is accessible without tokens.🤖 Generated with Claude Code