allow anonymous users (users without auth header)

lib/config.js

@@ -23,7 +23,7 @@ function Config(config) {
 	var users = {all:true};
 	
 	var check_user_or_uplink = function(arg) {
-		assert(arg !== 'all' || arg !== 'owner', 'CONFIG: reserved user/uplink name: ' + arg);
+		assert(arg !== 'all' || arg !== 'owner' || arg !== 'anonymous', 'CONFIG: reserved user/uplink name: ' + arg);
 		assert(!arg.match(/\s/), 'CONFIG: invalid user name: ' + arg);
 		assert(users[arg] == null, 'CONFIG: duplicate user/uplink name: ' + arg);
 		users[arg] = true;

lib/index.js

@@ -12,12 +12,9 @@ var expect_json = require('./middleware').expect_json;
 module.exports = function(config_hash) {
 	var config = new Config(config_hash);
 	var storage = new Storage(config);
-	var auth = basic_auth(function(user, pass) {
-		return config.authenticate(user, pass);
-   });
 
 	var can = function(action) {
-		return [auth, function(req, res, next) {
+		return function(req, res, next) {
 			if (config['allow_'+action](req.params.package, req.remoteUser)) {
 				next();
 			} else {
@@ -26,11 +23,14 @@ module.exports = function(config_hash) {
 					msg: 'user '+req.remoteUser+' not allowed to '+action+' it'
 				}));
 			}
-		}];
+		};
 	};
 
 	var app = express();
 	app.use(express.logger());
+	app.use(basic_auth(function(user, pass) {
+		return config.authenticate(user, pass);
+   }));
 	app.use(express.bodyParser());
 
 	app.param('package', validate_name);

lib/middleware.js

@@ -40,10 +40,10 @@ module.exports.basic_auth = function basic_auth(callback) {
 		var authorization = req.headers.authorization;
 
 		if (req.user) return next();
-		if (!authorization) return next({
-			status: 403,
-			msg: 'authorization required',
-		});
+		if (authorization == null) {
+			req.user = req.remoteUser = 'anonymous';
+			return next();
+		}
 
 		var parts = authorization.split(' ');