Fix: skip account setup when ALLOW_UNAUTHENTICATED is true

[tejashah88]

Fixes #201 with the following changes:

1. Checks for ALLOW_UNAUTHENTICATED at appropriate locations when visiting localhost:3000.
2. Hides the "Logoff" header button when ALLOW_UNAUTHENTICATED is set to true.

Preview of header change when ALLOW_UNAUTHENTICATED=true:

Tested with the following environment:

• OS: Windows 10 Pro
• Install Process: Native (bun install & bun run dev)
• Node: v20.18.0
• Bun: v1.1.42

Environment variables set during local development:

ACCOUNT_REGISTRATION=false
ALLOW_UNAUTHENTICATED=true
AUTO_DELETE_EVERY_N_HOURS=0
HTTP_ALLOWED=true

Let me know if any other changes are needed. Looking forward to your feedback @C4illin!

Summary by Sourcery

Bug Fixes:

• Fixed a bug where account setup was required even when unauthenticated users were allowed.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request introduces changes to skip the account setup process and hide the "Logoff" button when ALLOW_UNAUTHENTICATED is true.

Sequence diagram for authentication flow changes

sequenceDiagram
    actor User
    participant App
    participant Auth
    participant DB

    User->>App: Visit /
    alt ALLOW_UNAUTHENTICATED is true
        App->>Auth: Generate temporary user ID
        Auth-->>App: Return JWT token
        App-->>User: Show main page
    else ALLOW_UNAUTHENTICATED is false
        alt FIRST_RUN is true
            App-->>User: Redirect to /setup
        else No auth cookie
            App-->>User: Redirect to /login
        else Has auth cookie
            App->>Auth: Verify JWT
            Auth-->>App: User info
            App->>DB: Check user exists
            DB-->>App: User status
            alt User exists
                App-->>User: Show main page
            else User doesn't exist
                App-->>User: Redirect to /login
            end
        end
    end

Loading

State diagram for Header component

stateDiagram-v2
    [*] --> CheckAuthSettings
    CheckAuthSettings --> UnauthenticatedHeader: ALLOW_UNAUTHENTICATED=true
    CheckAuthSettings --> AuthenticatedHeader: ALLOW_UNAUTHENTICATED=false

    state UnauthenticatedHeader {
        [*] --> ShowNavLinks
        ShowNavLinks --> HideLogoutButton
    }

    state AuthenticatedHeader {
        [*] --> ShowNavLinks
        ShowNavLinks --> ShowLogoutButton
    }

Loading

File-Level Changes

Change	Details	Files
Skip account setup when ALLOW_UNAUTHENTICATED is true	Added a conditional check for the ALLOW_UNAUTHENTICATED environment variable to bypass the account setup redirect when visiting the root route (/). Added a conditional check for the ALLOW_UNAUTHENTICATED environment variable to bypass the authentication check and redirect when visiting the root route (/). Moved the JWT verification and user existence check to execute only when ALLOW_UNAUTHENTICATED is false and auth.value is present. Generated a new user ID and set the authentication cookie when ALLOW_UNAUTHENTICATED is true and auth.value is not present.	src/index.tsx
Hide "Logoff" button when ALLOW_UNAUTHENTICATED is true	Added a conditional check for the ALLOW_UNAUTHENTICATED environment variable to hide the "Logoff" button in the header component. Passed the allowUnauthenticated prop to the Header component in multiple locations within the src/index.tsx file. Added allowUnauthenticated prop to the Header component.	src/components/header.tsx src/index.tsx

Assessment against linked issues

Issue	Objective	Addressed	Explanation
#201	Prevent forced account registration when ALLOW_UNAUTHENTICATED is set to true	✅
#201	Modify routing to skip setup page when ALLOW_UNAUTHENTICATED is enabled	✅
#201	Hide logout button when ALLOW_UNAUTHENTICATED is true	✅

Possibly linked issues

• Still required to register for new account despite ACCOUNT_REGISTRATION=false and ALLOW_UNAUTHENTICATED=true #201: The PR fixes the issue by checking for ALLOW_UNAUTHENTICATED at appropriate locations when visiting localhost:3000 and hiding the "Logoff" header button when ALLOW_UNAUTHENTICATED is set to true.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey @tejashah88 - I've reviewed your changes and they look great!

Here's what I looked at during the review

• 🟢 General issues: all looks good
• 🟢 Security: all looks good
• 🟢 Testing: all looks good
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[C4illin]

Looks good! Thanks for this! Will check out the calibre error in the build process