add fxa_required option

server/config.js

@@ -155,6 +155,11 @@ const conf = convict({
     default: `${tmpdir()}${path.sep}send-${randomBytes(4).toString('hex')}`,
     env: 'FILE_DIR'
   },
+  fxa_required: {
+    format: Boolean,
+    default: true,
+    env: 'FXA_REQUIRED'
+  },
   fxa_url: {
     format: 'url',
     default: 'http://localhost:3030',

server/routes/index.js

@@ -117,7 +117,7 @@ module.exports = function(app) {
   app.get(`/api/metadata/:id${ID_REGEX}`, auth.hmac, require('./metadata'));
   app.get('/api/filelist/:id([\\w-]{16})', auth.fxa, filelist.get);
   app.post('/api/filelist/:id([\\w-]{16})', auth.fxa, filelist.post);
-  app.post('/api/upload', auth.fxa, require('./upload'));
+  // app.post('/api/upload', auth.fxa, require('./upload'));
   app.post(`/api/delete/:id${ID_REGEX}`, auth.owner, require('./delete'));
   app.post(`/api/password/:id${ID_REGEX}`, auth.owner, require('./password'));
   app.post(

server/routes/ws.js

@@ -46,7 +46,8 @@ module.exports = function(ws, req) {
         !auth ||
         timeLimit <= 0 ||
         timeLimit > maxExpireSeconds ||
-        dlimit > maxDownloads
+        dlimit > maxDownloads ||
+        (config.fxa_required && !user)
       ) {
         ws.send(
           JSON.stringify({

server/state.js

@@ -15,7 +15,11 @@ module.exports = async function(req) {
     try {
       authConfig = await getFxaConfig();
       authConfig.client_id = config.fxa_client_id;
+      authConfig.fxa_required = config.fxa_required;
     } catch (e) {
+      if (config.auth_required) {
+        throw new Error('fxa_required is set but no config was found');
+      }
       // continue without accounts
     }
   }