From c83714bfe8f60596b7e98ca87372be981fed9aa4 Mon Sep 17 00:00:00 2001
From: Eric Callahan <arksine.code@gmail.com>
Date: Mon, 21 Nov 2022 12:31:25 -0500
Subject: [PATCH] authorization: make api key authentication optional

Signed-off-by;  Eric Callahan <arksine.code@gmail.com>
---
 moonraker/components/authorization.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/moonraker/components/authorization.py b/moonraker/components/authorization.py
index 1b44c85..0bb30fc 100644
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@@ -76,6 +76,7 @@ class Authorization:
         self.login_timeout = config.getint('login_timeout', 90)
         self.force_logins = config.getboolean('force_logins', False)
         self.default_source = config.get('default_source', "moonraker").lower()
+        self.enable_api_key = config.getboolean('enable_api_key', True)
         if self.default_source not in AUTH_SOURCES:
             raise config.error(
                 "[authorization]: option 'default_source' - Invalid "
@@ -734,9 +735,10 @@ class Authorization:
                 return ost_user
 
         # Check API Key Header
-        key: Optional[str] = request.headers.get("X-Api-Key")
-        if key and key == self.api_key:
-            return self.users[API_USER]
+        if self.enable_api_key:
+            key: Optional[str] = request.headers.get("X-Api-Key")
+            if key and key == self.api_key:
+                return self.users[API_USER]
 
         # If the force_logins option is enabled and at least one
         # user is created this is an unauthorized request