Allow access to /features endpoint without login

maubot/management/api/__init__.py

@@ -19,12 +19,20 @@ import importlib
 
 from ...config import Config
 from .base import routes, get_config, set_config, set_loop
+from .auth import check_token
 from .middleware import auth, error
 
 
 @routes.get("/features")
-def features(_: web.Request) -> web.Response:
-    return web.json_response(get_config()["api_features"])
+def features(request: web.Request) -> web.Response:
+    data = get_config()["api_features"]
+    err = check_token(request)
+    if err is None:
+        return web.json_response(data)
+    else:
+        return web.json_response({
+            "login": data["login"],
+        })
 
 
 def init(cfg: Config, loop: AbstractEventLoop) -> web.Application:

maubot/management/api/auth.py

@@ -69,4 +69,4 @@ async def ping(request: web.Request) -> web.Response:
     user = data.get("user_id", None)
     if not get_config().is_admin(user):
         return resp.invalid_token
-    return resp.pong(user)
+    return resp.pong(user, get_config()["api_features"])

maubot/management/api/middleware.py

@@ -29,7 +29,7 @@ log = logging.getLogger("maubot.server")
 @web.middleware
 async def auth(request: web.Request, handler: Handler) -> web.Response:
     subpath = request.path[len(get_config()["server.base_path"]):]
-    if subpath.startswith("/auth/") or subpath == "/logs":
+    if subpath.startswith("/auth/") or subpath == "/features" or subpath == "/logs":
         return await handler(request)
     err = check_token(request)
     if err is not None:

maubot/management/api/responses.py

@@ -294,9 +294,10 @@ class _Response:
             "token": token,
         })
 
-    def pong(self, user: str) -> web.Response:
+    def pong(self, user: str, features: dict) -> web.Response:
         return self.found({
             "username": user,
+            "features": features,
         })
 
     @staticmethod

maubot/management/frontend/src/api.js

@@ -64,15 +64,13 @@ export async function login(username, password) {
 let features = null
 
 export async function ping() {
-    if (!features) {
-        await remoteGetFeatures()
-    }
     const response = await fetch(`${BASE_PATH}/auth/ping`, {
         method: "POST",
         headers: getHeaders(),
     })
     const json = await response.json()
     if (json.username) {
+        features = json.features
         return json.username
     } else if (json.errcode === "auth_token_missing" || json.errcode === "auth_token_invalid") {
         return null