fix: allow access to /keyauth paths without OAuth2

FreekBes · FreekBes · commit c2db2bef53ff · 2026-01-26T16:13:55.000+01:00
diff --git a/src/handlers/middleware.ts b/src/handlers/middleware.ts
@@ -2,10 +2,14 @@ import express from 'express';
 import { Request, Response, NextFunction } from "express";
 import { CustomSessionData } from "./session";
 import { IntraUser } from '../intra/oauth';
-import { hasPiscineHistoryAccess } from '../utils';
+import { checkDirectAuthSecret, hasPiscineHistoryAccess } from '../utils';
 
 
 const checkIfAuthenticated = function(req: Request, res: Response, next: NextFunction) {
+	if (req.path.endsWith('/keyauth') && checkDirectAuthSecret(req)) {
+		// Authorization Bearer header is valid, do not require authentication using OAuth2
+		return next();
+	}
 	if (req.path.startsWith('/login') || req.path.startsWith('/logout') || res.statusCode === 503) {
 		return next();
 	}
