fix --require-auth flag

Apparently with docopt, --require-auth=false doesn't work, so booleans with a default value of true can't be turned off. Toggle the default to false to deal with this, for now. I'd prefer the default be true, but I also would prefer to not use a negative --no-require-auth or --allow-unauthenticated flag. I think I'll switch from docopt to clap in the near future; it seems to be what the cool kids use.
2025-02-23 19:42:30 -05:00 · 2018-12-28 08:39:50 -06:00 · 2018-12-28 08:39:50 -06:00 · 4580038013
commit 4580038013
parent 54ebc6ec2f
4 changed files with 7 additions and 12 deletions
--- a/guide/install-manual.md
+++ b/guide/install-manual.md
@ -84,8 +84,7 @@ Moonfire NVR can be run as a systemd service. Create
    [Service]
    ExecStart=/usr/local/bin/moonfire-nvr run \
        --db-dir=/var/lib/moonfire-nvr/db \
-        --http-addr=0.0.0.0:8080 \
-        --require-auth=false
+        --http-addr=0.0.0.0:8080
    Environment=TZ=:/etc/localtime
    Environment=MOONFIRE_FORMAT=google-systemd
    Environment=MOONFIRE_LOG=info
--- a/guide/secure.md
+++ b/guide/secure.md
@ -153,15 +153,13 @@ In your `/etc/systemd/system/moonfire-nvr.service` file, look for these lines:

 ```
 ExecStart=/usr/local/bin/moonfire-nvr run \
-    ...
-    --http-addr=0.0.0.0:8080 \
-    --require-auth=false
+    --db-dir=/var/lib/moonfire-nvr/db \
+    --http-addr=0.0.0.0:8080
 ```

-Change `--require-auth=false` to `--require-auth=true --trust-forward-hdrs`.
-This change has two effects:
+Add `--require-auth --trust-forward-hdrs`. This change has two effects:

-   * `--require-auth=true` means that web users must authenticate.
+   * `--require-auth` means that web users must authenticate.
   * `--trust-forward-hdrs` means that Moonfire NVR will look for `X-Real-IP`
     and `X-Forwarded-Proto` headers as added by the webserver configuration
     in the next section.
--- a/scripts/install.sh
+++ b/scripts/install.sh
@ -106,8 +106,7 @@ After=network-online.target
 ExecStart=${SERVICE_BIN} run \\
    --db-dir=${DB_DIR} \\
    --ui-dir=${LIB_DIR}/ui \\
-    --http-addr=0.0.0.0:${NVR_PORT} \
-    --require=auth=false
+    --http-addr=0.0.0.0:${NVR_PORT}
 Environment=TZ=:/etc/localtime
 Environment=MOONFIRE_FORMAT=google-systemd
 Environment=MOONFIRE_LOG=info
--- a/src/cmds/run.rs
+++ b/src/cmds/run.rs
@ -66,8 +66,7 @@ Options:
    --http-addr=ADDR       Set the bind address for the unencrypted HTTP server.
                           [default: 0.0.0.0:8080]
    --read-only            Forces read-only mode / disables recording.
-    --require-auth=BOOL    Requires authentication to access the web interface.
-                           [default: true]
+    --require-auth         Requires authentication to access the web interface.
    --trust-forward-hdrs   Trust X-Real-IP: and X-Forwarded-Proto: headers on
                           the incoming request. Set this only after ensuring
                           your proxy server is configured to set them and that