From c615727acf927c7e04b64831fe58baab58d5c2d8 Mon Sep 17 00:00:00 2001
From: "D. Berge"
Date: Thu, 2 Nov 2023 23:48:46 +0100
Subject: [PATCH] Don't require authentication for the /version endpoint. It will still hide the `db` and `os` values from non-admins though.
---
 lib/www/server/api/index.js | 6 +++---
 lib/www/server/api/middleware/version/get.js | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/www/server/api/index.js b/lib/www/server/api/index.js
index 2b38a3e..4f9c9db 100644
--- a/lib/www/server/api/index.js
+++ b/lib/www/server/api/index.js
@@ -75,6 +75,9 @@ app.map({
 get: [ mw.user.logout ],
 post: [ mw.user.logout ]
 },
+ '/version': {
+ get: [ mw.version.get ]
+ },
 '/': {
 get: [ mw.openapi.get ]
 }
@@ -87,9 +90,6 @@ app.use(mw.etag.ifNoneMatch);
 // We must be authenticated before we can access these
 app.map({
- '/version': {
- get: [ mw.version.get ]
- },
 '/project': {
 get: [ mw.project.get ], // Get list of projects
 post: [ mw.auth.access.admin, mw.project.post ], // Create a new project
diff --git a/lib/www/server/api/middleware/version/get.js b/lib/www/server/api/middleware/version/get.js
index ef831da..992269c 100644
--- a/lib/www/server/api/middleware/version/get.js
+++ b/lib/www/server/api/middleware/version/get.js
@@ -5,7 +5,7 @@ module.exports = async function (req, res, next) {
 try {
 const v = await version();
- if (req.user.role != "admin" && req.user.role != "user") {
+ if (req.user?.role != "admin" && req.user?.role != "user") {
 delete v.os;
 delete v.db;
 }
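Review bot: In lib/www/server/api/index.js the `/version` route now sits in the `app.map` block ahead of the `// We must be authenticated` section, so whether `req.user` is ever set when `mw.version.get` runs depends on where the middleware that populates it is mounted, which this hunk does not show. If that middleware runs only after this first map, the `req.user?.role` test in version/get.js always takes the redacted branch and logged-in admins lose `os` and `db` as well. Please confirm the ordering and record the intent on the route, e.g. `// Public route: mw.version.get omits os/db unless req.user carries a known role`. The `app.map({` call opens above the hunk.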
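Review bot: The changed condition in lib/www/server/api/middleware/version/get.js redacts by deletion (`delete v.os; delete v.db;`), and now that the route is reachable without a session, any field later added to the result of `version()` is served to anonymous callers unless this list is extended too. Building the anonymous response from an explicit set of allowed fields would fail closed instead. The test also keeps `os` and `db` for role `user`, not only `admin`, which differs from the commit message's "non-admins". If that is intended, a comment such as `// os/db are visible to "user" and "admin"; everyone else, including anonymous callers, gets the reduced view` would settle it, and `!==` is the safer comparison for the role strings. The function body continues past the end of the hunk.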