Merge pull request #67 from bouwe77/auth-exclude-static-folder

feat: static folder never requires an auth header
bouwe77 · Jun 21, 2024 · 35ddb68 · 35ddb68
2 parents 01247e8 + 7639a8c
commit 35ddb68
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 8 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "temba",
-  "version": "0.30.1",
+  "version": "0.30.2",
   "description": "Get a simple REST API with zero coding in less than 30 seconds (seriously).",
   "type": "module",
   "main": "dist/src/index.js",

diff --git a/src/index.ts b/src/index.ts
@@ -35,6 +35,13 @@ const createServer = (userConfig?: UserConfig) => {
   // Enable CORS for all requests.
   app.use(cors({ origin: true, credentials: true }))
 
+  // Serve a static folder, if configured.
+  // Because it is defined before the auth middleware, the static folder is served without authentication,
+  // because it is not convenient to add an auth header to a web page in the browser.
+  if (config.staticFolder) {
+    app.use(express.static(config.staticFolder))
+  }
+
   // If enabled, add auth middleware to all requests, and disable the tokens resource.
   if (isAuthEnabled()) {
     app.use(createAuthMiddleware(queries))
@@ -47,11 +54,6 @@ const createServer = (userConfig?: UserConfig) => {
     app.use(delayMiddleware)
   }
 
-  // Serve a static folder, if configured.
-  if (config.staticFolder) {
-    app.use(express.static(config.staticFolder))
-  }
-
   // On the root URL (with apiPrefix, if applicable) only a GET is allowed.
   const rootRouter = express.Router()
   const rootPath = config.apiPrefix ? `${config.apiPrefix}` : '/'