Allowing auth to be disabled in config.

src/auth.js

@@ -1,5 +1,6 @@
 'use strict';
 
+const config = require('config');
 const util = require('util');
 const crypto = require('crypto');
 
@@ -21,6 +22,10 @@ async function verifyPassword(password, storedPassword) {
 }
 
 async function login(credentials) {
+	if (!config.auth.enabled) {
+		throw new HttpError('Authentication is disabled', 405);
+	}
+
 	const user = await fetchUser(credentials.username, true);
 
 	if (!user) {
@@ -33,6 +38,10 @@ async function login(credentials) {
 }
 
 async function signup(credentials) {
+	if (!config.auth.enabled) {
+		throw new HttpError('Authentication is disabled', 405);
+	}
+
 	if (!credentials.username) {
 		throw new HttpError('Username required', 400);
 	}

src/web/server.js

@@ -116,6 +116,7 @@ async function initServer() {
 		res.render(path.join(__dirname, '../../assets/index.ejs'), {
 			env: JSON.stringify({
 				sfw: !!req.headers.sfw || Object.prototype.hasOwnProperty.call(req.query, 'sfw'),
+				auth: config.auth.enabled,
 				sessionId: req.session.safeId,
 			}),
 		});