fix: skip auth on /api/v1/status to avoid sign up while token invalid (#1895)

Skip auth on /api/v1/status to avoid sign up while token invalid

api/v1/jwt.go

@@ -82,7 +82,7 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
 		}
 
 		// Skip validation for server status endpoints.
-		if common.HasPrefixes(path, "/api/v1/ping", "/api/v1/idp", "/api/user/:id") && method == http.MethodGet {
+		if common.HasPrefixes(path, "/api/v1/ping", "/api/v1/idp", "/api/v1/status", "/api/user/:id") && method == http.MethodGet {
 			return next(c)
 		}
 
@@ -93,7 +93,7 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
 				return next(c)
 			}
 			// When the request is not authenticated, we allow the user to access the memo endpoints for those public memos.
-			if common.HasPrefixes(path, "/api/v1/status", "/api/memo") && method == http.MethodGet {
+			if common.HasPrefixes(path, "/api/memo") && method == http.MethodGet {
 				return next(c)
 			}
 			return echo.NewHTTPError(http.StatusUnauthorized, "Missing access token")

api/v1/system.go

@@ -3,7 +3,6 @@ package v1
 import (
 	"encoding/json"
 	"net/http"
-	"os"
 
 	"github.com/labstack/echo/v4"
 	"github.com/usememos/memos/common/log"
@@ -124,23 +123,6 @@ func (s *APIV1Service) registerSystemRoutes(g *echo.Group) {
 			}
 		}
 
-		userID, ok := c.Get(getUserIDContextKey()).(int)
-		// Get database size for host user.
-		if ok {
-			user, err := s.Store.GetUser(ctx, &store.FindUser{
-				ID: &userID,
-			})
-			if err != nil {
-				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
-			}
-			if user != nil && user.Role == store.RoleHost {
-				fi, err := os.Stat(s.Profile.DSN)
-				if err != nil {
-					return echo.NewHTTPError(http.StatusInternalServerError, "Failed to read database fileinfo").SetInternal(err)
-				}
-				systemStatus.DBSize = fi.Size()
-			}
-		}
 		return c.JSON(http.StatusOK, systemStatus)
 	})