Don't require authentication for the /version endpoint.

It will still hide the `db` and `os` values from non-admins though.

lib/www/server/api/index.js

@@ -75,6 +75,9 @@ app.map({
 		get: [ mw.user.logout ],
 		post: [ mw.user.logout ]
 	},
+	'/version': {
+		get: [ mw.version.get ]
+	},
 	'/': {
 		get: [ mw.openapi.get ]
 	}
@@ -87,9 +90,6 @@ app.use(mw.etag.ifNoneMatch);
 
 // We must be authenticated before we can access these
 app.map({
-	'/version': {
-		get: [ mw.version.get ]
-	},
 	'/project': {
 		get: [ mw.project.get ],  // Get list of projects
 		post: [ mw.auth.access.admin, mw.project.post ], // Create a new project

lib/www/server/api/middleware/version/get.js

@@ -5,7 +5,7 @@ module.exports = async function (req, res, next) {
 
 	try {
 		const v = await version();
-		if (req.user.role != "admin" && req.user.role != "user") {
+		if (req.user?.role != "admin" && req.user?.role != "user") {
 			delete v.os;
 			delete v.db;
 		}