[PR #651] [MERGED] Allow JWT authentication into legacy APIs #716

New issue

Closed

opened 2026-02-25 23:35:14 +03:00 by kerem · 0 comments

kerem commented

2026-02-25 23:35:14 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/go-shiori/shiori/pull/651
Author: @fmartingr
Created: 7/20/2023
Status: ✅ Merged
Merged: 7/21/2023
Merged by: @fmartingr

Base: master ← Head: feat/cross-api-authentication

📝 Commits (4)

26c055d typo: letter in login page
64ec8cf httpconfig set defaults for secret key with warn
4da2fa9 allow new authentication in old api
09df5a3 Updated warn log

📊 Changes

9 files changed (+48 additions, -467 deletions)

View changed files

📝 internal/cmd/server.go (+2 -10)
📝 internal/config/config.go (+10 -5)
📝 internal/http/routes/legacy.go (+1 -1)
📝 internal/view/login.html (+1 -1)
📝 internal/webserver/handler-api.go (+0 -95)
📝 internal/webserver/handler-ui.go (+0 -70)
📝 internal/webserver/handler.go (+30 -8)
📝 internal/webserver/server.go (+3 -211)
📝 internal/webserver/utils.go (+1 -66)

📄 Description

Summary

Allow authentication into the legacy APIs using the new login endpoint JWT provided token. The session will be valid if the requests contains a valid JWT token as the new API does and will let the request go through.

Now that this login method can be used anywhere, this pull request also addresses an empty secret key in the configuration. Instead of leaving it empty, it will create a new random one (from an uuidv4) and warn of this in the logs so the admins can take appropriate action.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/go-shiori/shiori/pull/651 **Author:** [@fmartingr](https://github.com/fmartingr) **Created:** 7/20/2023 **Status:** ✅ Merged **Merged:** 7/21/2023 **Merged by:** [@fmartingr](https://github.com/fmartingr) **Base:** `master` ← **Head:** `feat/cross-api-authentication` --- ### 📝 Commits (4) - [`26c055d`](https://github.com/go-shiori/shiori/commit/26c055d90dda559de65f954c8f46432c8e2671c1) typo: letter in login page - [`64ec8cf`](https://github.com/go-shiori/shiori/commit/64ec8cf8197b372f90b13bb46ed0bdc92b63c679) httpconfig set defaults for secret key with warn - [`4da2fa9`](https://github.com/go-shiori/shiori/commit/4da2fa9269da233f6d89020477c0b15d74be7fa2) allow new authentication in old api - [`09df5a3`](https://github.com/go-shiori/shiori/commit/09df5a358b78253a08643b14bd7ad706c03b5425) Updated warn log ### 📊 Changes **9 files changed** (+48 additions, -467 deletions) <details> <summary>View changed files</summary> 📝 `internal/cmd/server.go` (+2 -10) 📝 `internal/config/config.go` (+10 -5) 📝 `internal/http/routes/legacy.go` (+1 -1) 📝 `internal/view/login.html` (+1 -1) 📝 `internal/webserver/handler-api.go` (+0 -95) 📝 `internal/webserver/handler-ui.go` (+0 -70) 📝 `internal/webserver/handler.go` (+30 -8) 📝 `internal/webserver/server.go` (+3 -211) 📝 `internal/webserver/utils.go` (+1 -66) </details> ### 📄 Description ## Summary Allow authentication into the legacy APIs using the new login endpoint JWT provided token. The session will be valid if the requests contains a valid JWT token as the new API does and will let the request go through. Now that this login method can be used anywhere, this pull request also addresses an empty secret key in the configuration. Instead of leaving it empty, it will create a new random one (from an uuidv4) and warn of this in the logs so the admins can take appropriate action. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>