Skip to content

fix(serve): allow disabling client auth with empty public keys#656

Open
overcat wants to merge 1 commit into
stellar:mainfrom
lightsail-network:fix/optional-client-auth
Open

fix(serve): allow disabling client auth with empty public keys#656
overcat wants to merge 1 commit into
stellar:mainfrom
lightsail-network:fix/optional-client-auth

Conversation

@overcat

@overcat overcat commented Jul 8, 2026

Copy link
Copy Markdown

What

When CLIENT_AUTH_PUBLIC_KEYS is not set or empty, serve now starts with request authentication disabled (with a startup warning) instead of panicking. The verifier construction is extracted into buildRequestAuthVerifier(), which returns nil when no keys are configured so handler() skips the auth middleware.

Why

The flag help, the config parser, and the router all advertise that an empty key list disables authentication, but initHandlerDeps unconditionally instantiated the JWT token parser, which rejects an empty key list, so the server crashed at startup and the documented no-auth mode was unreachable:

instantiating multi JWT token parser: no Stellar public keys provided

Known limitations

N/A

Issue that this PR addresses

Fixes #655

Checklist

PR Structure

  • It is not possible to break this PR down into smaller PRs.
  • This PR does not mix refactoring changes with feature changes.
  • This PR's title starts with name of package that is most changed in the PR, or all if the changes are broad or impact many packages.

Thoroughness

  • This PR adds tests for the new functionality or fixes.
  • All updated queries have been tested (N/A — no SQL queries changed).

Release

  • This is not a breaking change.
  • This is ready to be tested in development.
  • The new functionality is gated with a feature flag if this is not reaempty key list itself is the opt-in).

Copilot AI review requested due to automatic review settings July 8, 2026 03:25

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR makes the serve command honor the documented “no client auth” mode by allowing request authentication to be disabled when CLIENT_AUTH_PUBLIC_KEYS is unset/empty, avoiding a startup panic. It does so by centralizing verifier construction and skipping the auth middleware when no keys are configured.

Changes:

  • Extracts request-auth verifier construction into buildRequestAuthVerifier() and returns nil when no public keys are configured.
  • Updates the HTTP router wiring to conditionally apply the authentication middleware only when a verifier is present.
  • Adds unit tests for verifier construction behavior (disabled, enabled, invalid key) and documents the behavior in the README.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
README.md Documents that empty/unset CLIENT_AUTH_PUBLIC_KEYS disables request authentication.
internal/serve/serve.go Builds request auth verifier conditionally and skips auth middleware when unconfigured, preventing startup panic.
internal/serve/serve_test.go Adds tests covering verifier construction for empty keys, valid keys, and invalid keys.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

serve: crashes at startup when CLIENT_AUTH_PUBLIC_KEYS is empty, although auth is documented as optional

2 participants