From b6c0349203cb5839191f75af753e27ac90b20951 Mon Sep 17 00:00:00 2001
From: Zef Hemel <zef@zef.me>
Date: Thu, 15 Dec 2022 12:59:31 +0100
Subject: [PATCH] Remove authentication on manifest.json file (and favicon just
 in case)

---
 server/http_server.ts | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/server/http_server.ts b/server/http_server.ts
index 3c26853..c8278b0 100644
--- a/server/http_server.ts
+++ b/server/http_server.ts
@@ -178,20 +178,26 @@ export class HttpServer {
   }
 
   private addPasswordAuth(app: Application) {
+    const excludedPaths = ["/manifest.json", "/favicon.png"];
     if (this.user) {
       app.use(async ({ request, response }, next) => {
-        if (
-          request.headers.get("Authorization") ===
-            `Basic ${btoa(this.user!)}`
-        ) {
-          await next();
+        if (!excludedPaths.includes(request.url.pathname)) {
+          if (
+            request.headers.get("Authorization") ===
+              `Basic ${btoa(this.user!)}`
+          ) {
+            await next();
+          } else {
+            response.status = 401;
+            response.headers.set(
+              "WWW-Authenticate",
+              `Basic realm="Please enter your username and password"`,
+            );
+            response.body = "Unauthorized";
+          }
         } else {
-          response.status = 401;
-          response.headers.set(
-            "WWW-Authenticate",
-            `Basic realm="Please enter your username and password"`,
-          );
-          response.body = "Unauthorized";
+          // Unauthenticated access to excluded paths
+          await next();
         }
       });
     }