when in "none" ACL mode, privileged checks are not enforced

2025-11-13 08:31:02 +00:00
parent baede6d37f
commit 7169a2158f
3 changed files with 60 additions and 24 deletions
--- a/app/handle-req.go
+++ b/app/handle-req.go
@@ -661,6 +661,8 @@ func (l *Listener) HandleReq(msg []byte) (err error) {
 		l.subscriptionsMu.Unlock()

 		// Register subscription with publisher
+		// Set AuthRequired based on ACL mode - when ACL is "none", don't require auth for privileged events
+		authRequired := acl.Registry.Active.Load() != "none"
 		l.publishers.Receive(
 			&W{
 				Conn:         l.conn,
@@ -669,6 +671,7 @@ func (l *Listener) HandleReq(msg []byte) (err error) {
 				Receiver:     receiver,
 				Filters:      &subbedFilters,
 				AuthedPubkey: l.authedPubkey.Load(),
+				AuthRequired: authRequired,
 			},
 		)