From 2e5680d29a4f9c40a711f6381d5ada210abe046f Mon Sep 17 00:00:00 2001
From: "Maxime Alves LIRMM@home" <maxime.alves@lirmm.fr>
Date: Fri, 21 Jan 2022 14:39:34 +0100
Subject: [PATCH] [auth] dont activate authenticationMiddleware if secret is
 missing. NO SECRET ONLY IN FULLY PUBLIC DOMAINS!!!

---
 halfapi/halfapi.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/halfapi/halfapi.py b/halfapi/halfapi.py
index 7305570..7009b42 100644
--- a/halfapi/halfapi.py
+++ b/halfapi/halfapi.py
@@ -129,10 +129,11 @@ class HalfAPI(Starlette):
 
         self.add_route('/', JSONRoute(schemas))
 
-        self.add_middleware(
-            AuthenticationMiddleware,
-            backend=JWTAuthenticationBackend()
-        )
+        if SECRET:
+            self.add_middleware(
+                AuthenticationMiddleware,
+                backend=JWTAuthenticationBackend()
+            )
 
         if not PRODUCTION:
             self.add_middleware(