[codex] fix auth startup and profile model defaults (#966)

* docs release 0.6.0 changelog * fix auth startup and profile model defaults
2026-05-24 14:00:31 +08:00
parent 634a622934
commit f61a1d9454
24 changed files with 310 additions and 30 deletions
@@ -83,6 +83,13 @@ async function allowServerTokenForMedia(ctx: Context, token: string): Promise<bo
  return true
 }

+function isProtectedHttpPath(path: string): boolean {
+  const lowerPath = path.toLowerCase()
+  return lowerPath.startsWith('/api') ||
+    lowerPath.startsWith('/v1') ||
+    lowerPath.startsWith('/upload')
+}
+
 export function signUserJwt(user: Pick<UserRecord, 'id' | 'username' | 'role'>, secret: string, now = Date.now()): string {
  const iat = Math.floor(now / 1000)
  const payload: JwtPayload = {
@@ -154,6 +161,11 @@ export async function isAuthEnabled(): Promise<boolean> {
 }

 export async function requireUserJwt(ctx: Context, next: Next): Promise<void> {
+  if (!isProtectedHttpPath(ctx.path)) {
+    await next()
+    return
+  }
+
  const secret = await getJwtSecret()
  if (!secret) {
    await next()