fix: only require metrics password if set (#1715)

2025-03-06 11:45:03 +01:00
parent 842475f799
commit 93db67bab6
1 changed files with 25 additions and 25 deletions
--- a/src/server/utils/handler.ts
+++ b/src/server/utils/handler.ts
@@ -138,34 +138,27 @@ export const defineMetricsHandler = <
  handler: MetricsHandler<TReq, TRes>
 ) => {
  return defineEventHandler(async (event) => {
-    const auth = getHeader(event, 'Authorization');
-
-    if (!auth) {
-      throw createError({
-        statusCode: 401,
-        statusMessage: 'Unauthorized',
-      });
-    }
-
-    const [method, value] = auth.split(' ');
-
-    if (method !== 'Bearer' || !value) {
-      throw createError({
-        statusCode: 401,
-        statusMessage: 'Bearer Auth required',
-      });
-    }
-
    const metricsConfig = await Database.general.getMetricsConfig();

-    if (metricsConfig[type] !== true) {
-      throw createError({
-        statusCode: 400,
-        statusMessage: 'Metrics not enabled',
-      });
-    }
-
    if (metricsConfig.password) {
+      const auth = getHeader(event, 'Authorization');
+
+      if (!auth) {
+        throw createError({
+          statusCode: 401,
+          statusMessage: 'Unauthorized',
+        });
+      }
+
+      const [method, value] = auth.split(' ');
+
+      if (method !== 'Bearer' || !value) {
+        throw createError({
+          statusCode: 401,
+          statusMessage: 'Bearer Auth required',
+        });
+      }
+
      const tokenValid = await isPasswordValid(value, metricsConfig.password);

      if (!tokenValid) {
@@ -176,6 +169,13 @@ export const defineMetricsHandler = <
      }
    }

+    if (metricsConfig[type] !== true) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Metrics not enabled',
+      });
+    }
+
    return await handler({ event });
  });
 };