From 923f69ab55e1eae9c4e5e2eff31f27d96cf4416c Mon Sep 17 00:00:00 2001
From: Miodec
Date: Tue, 26 Sep 2023 14:44:45 +0100
Subject: [PATCH] impr(server): don't return errors for public endpoints when providing authorization
---
 backend/src/api/routes/leaderboards.ts | 2 +-
 backend/src/api/routes/users.ts | 1 -
 backend/src/middlewares/auth.ts | 14 +++++++-------
 3 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/backend/src/api/routes/leaderboards.ts b/backend/src/api/routes/leaderboards.ts
index 403720d47..0624bc481 100644
--- a/backend/src/api/routes/leaderboards.ts
+++ b/backend/src/api/routes/leaderboards.ts
@@ -48,7 +48,7 @@ const requireDailyLeaderboardsEnabled = validateConfiguration({
 router.get(
 "/",
- authenticateRequest({ isPublic: true, acceptApeKeys: true }),
+ authenticateRequest({ isPublic: true }),
 withApeRateLimiter(RateLimit.leaderboardsGet),
 validateRequest({
 query: LEADERBOARD_VALIDATION_SCHEMA_WITH_LIMIT,
diff --git a/backend/src/api/routes/users.ts b/backend/src/api/routes/users.ts
index 862c16307..fcc1c4e09 100644
--- a/backend/src/api/routes/users.ts
+++ b/backend/src/api/routes/users.ts
@@ -496,7 +496,6 @@ router.get(
 requireProfilesEnabled,
 authenticateRequest({
 isPublic: true,
- acceptApeKeys: true,
 }),
 withApeRateLimiter(RateLimit.userProfileGet),
 validateRequest({
diff --git a/backend/src/middlewares/auth.ts b/backend/src/middlewares/auth.ts
index 2ff89bf7e..6b84a733c 100644
--- a/backend/src/middlewares/auth.ts
+++ b/backend/src/middlewares/auth.ts
@@ -45,18 +45,18 @@ function authenticateRequest(authOptions = DEFAULT_OPTIONS): Handler {
 const { authorization: authHeader } = req.headers;
 try {
- if (authHeader) {
- token = await authenticateWithAuthHeader(
- authHeader,
- req.ctx.configuration,
- options
- );
- } else if (options.isPublic) {
+ if (options.isPublic === true) {
 token = {
 type: "None",
 uid: "",
 email: "",
 };
+ } else if (authHeader) {
+ token = await authenticateWithAuthHeader(
+ authHeader,
+ req.ctx.configuration,
+ options
+ );
 } else if (process.env.MODE === "dev") {
 token = authenticateWithBody(req.body);
 } else {
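Review bot: With `options.isPublic === true` tested first, a public route never reaches `authenticateWithAuthHeader`, so the `Authorization` header is not parsed at all and the token is always `type: "None"` with `uid: ""`, even for a caller presenting a valid token or ApeKey. Anything downstream that reads the decoded token's type or uid on those routes will now see every caller as anonymous; the `withApeRateLimiter(...)` calls kept after `authenticateRequest` in the leaderboards.ts and users.ts hunks look like such consumers, though their implementation is not shown, so this should be confirmed. Any other option passed together with `isPublic` is now silently ignored, which is easy to miss when a new route is added. I would state that contract above the branch, e.g. `// Public routes skip credential checks: the Authorization header is ignored and all other auth options have no effect.` The body of `authenticateRequest` starts and ends outside the hunk.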