fix: auth env var must have no value, as well as assigned username incase a falsy value is set

api/.env.example

@@ -53,7 +53,7 @@ MEILI_HTTP_ADDR='meilisearch:7700'  # <-- docker-compose
 # Meilisearch will throw an error and refuse to launch if no master key is provided or if it is under 16 bytes, 
 # Meilisearch will suggest a secure autogenerated master key.
 # Using docker, it seems recognized as production so use a secure key.
-# MEILI_MASTER_KEY=                                           # <-- no/insecure key for local/remote
+# MEILI_MASTER_KEY=                                           # <-- empty/insecure key works for local/remote
 MEILI_MASTER_KEY=JKMW-hGc7v_D1FkJVdbRSDNFLZcUv3S75yrxXP0SmcU # <-- ready made secure key for docker-compose
 
 
@@ -61,4 +61,4 @@ MEILI_MASTER_KEY=JKMW-hGc7v_D1FkJVdbRSDNFLZcUv3S75yrxXP0SmcU # <-- ready made se
 # global enable/disable the sample user system.
 # this is not a ready to use user system.
 # dont't use it, unless you can write your own code.
-ENABLE_USER_SYSTEM=FALSE
+# ENABLE_USER_SYSTEM=  # <-- make sure you don't comment this back in if you're using your own user system

api/server/routes/auth.js

@@ -1,46 +1,57 @@
 const express = require('express');
 const router = express.Router();
 const authYourLogin = require('./authYourLogin');
-const userSystemEnabled = process.env.ENABLE_USER_SYSTEM || false
+const userSystemEnabled = !!process.env.ENABLE_USER_SYSTEM || false;
 
 router.get('/login', function (req, res) {
-  if (userSystemEnabled)
-    res.redirect('/auth/your_login_page')
-  else
-    res.redirect('/')  
-})
-  
+  if (userSystemEnabled) {
+    res.redirect('/auth/your_login_page');
+  } else {
+    res.redirect('/');
+  }
+});
+
 router.get('/logout', function (req, res) {
   // clear the session
-  req.session.user = null
+  req.session.user = null;
 
-  req.session.save(function (error) {
-    if (userSystemEnabled)
-      res.redirect('/auth/your_login_page/logout')
-    else
-      res.redirect('/') 
-  })  
-})
+  req.session.save(function () {
+    if (userSystemEnabled) {
+      res.redirect('/auth/your_login_page/logout');
+    } else {
+      res.redirect('/');
+    }
+  });
+});
 
 const authenticatedOr401 = (req, res, next) => {
   if (userSystemEnabled) {
     const user = req?.session?.user;
 
-    if (user) next();
-    else res.status(401).end();
-  } else next();
-}
+    if (user) {
+      next();
+    } else {
+      res.status(401).end();
+    }
+  } else {
+    next();
+  }
+};
 
 const authenticatedOrRedirect = (req, res, next) => {
   if (userSystemEnabled) {
     const user = req?.session?.user;
 
-    if (user) next();
-    else res.redirect('/auth/login').end();
+    if (user) {
+      next();
+    } else {
+      res.redirect('/auth/login').end();
+    }
   } else next();
+};
+
+if (userSystemEnabled) {
+  router.use('/your_login_page', authYourLogin);
 }
 
-if (userSystemEnabled)
-  router.use('/your_login_page', authYourLogin);
-
 module.exports = { router, authenticatedOr401, authenticatedOrRedirect };

api/server/routes/authYourLogin.js

@@ -5,36 +5,40 @@ const router = express.Router();
 // THIS IS NOT A READY TO USE USER SYSTEM
 // PLEASE IMPLEMENT YOUR OWN USER SYSTEM
 
-const userSystemEnabled = process.env.ENABLE_USER_SYSTEM || false
+const userSystemEnabled = process.env.ENABLE_USER_SYSTEM || false;
 
 // Logout
 router.get('/logout', (req, res) => {
   // Do anything you want
-  console.warn('logout not implemented!')
+  console.warn('logout not implemented!');
 
   // finish
-  res.redirect('/')
+  res.redirect('/');
 });
-  
+
 // Login
 router.get('/', async (req, res) => {
   // Do anything you want
-  console.warn('login not implemented! Automatic passed as sample user')
+  console.warn('login not implemented! Automatic passed as sample user');
 
   // save the user info into session
   // username will be used in db
   // display will be used in UI
-  req.session.user = {
-    username: 'sample_user',
-    display: 'Sample User',
+  if (userSystemEnabled) {
+    req.session.user = {
+      username: null, // was 'sample_user', but would break previous relationship with previous conversations before v0.1.0
+      display: 'Sample User'
+    };
   }
 
   req.session.save(function (error) {
-    if (error) {    
-        console.log(error);
-        res.send(`<h1>Login Failed. An error occurred. Please see the server logs for details.</h1>`);
-    } else res.redirect('/')
-  })
+    if (error) {
+      console.log(error);
+      res.send(`<h1>Login Failed. An error occurred. Please see the server logs for details.</h1>`);
+    } else {
+      res.redirect('/');
+    }
+  });
 });
 
 module.exports = router;