Bugfix/whitelist urls for non password protected instance (#3085)

whitelist urls for non password protected instance

packages/server/src/index.ts

@@ -117,12 +117,6 @@ export class App {
             next()
         })
 
-        if (process.env.FLOWISE_USERNAME && process.env.FLOWISE_PASSWORD) {
-            const username = process.env.FLOWISE_USERNAME
-            const password = process.env.FLOWISE_PASSWORD
-            const basicAuthMiddleware = basicAuth({
-                users: { [username]: password }
-            })
         const whitelistURLs = [
             '/api/v1/verify/apikey/',
             '/api/v1/chatflows/apikey/',
@@ -141,6 +135,13 @@ export class App {
             '/api/v1/ip',
             '/api/v1/ping'
         ]
+
+        if (process.env.FLOWISE_USERNAME && process.env.FLOWISE_PASSWORD) {
+            const username = process.env.FLOWISE_USERNAME
+            const password = process.env.FLOWISE_PASSWORD
+            const basicAuthMiddleware = basicAuth({
+                users: { [username]: password }
+            })
             this.app.use(async (req, res, next) => {
                 if (/\/api\/v1\//i.test(req.url)) {
                     if (whitelistURLs.some((url) => new RegExp(url, 'i').test(req.url))) {
@@ -161,7 +162,9 @@ export class App {
         } else {
             this.app.use(async (req, res, next) => {
                 if (/\/api\/v1\//i.test(req.url)) {
-                    if (req.headers['x-request-from'] === 'internal') {
+                    if (whitelistURLs.some((url) => new RegExp(url, 'i').test(req.url))) {
+                        next()
+                    } else if (req.headers['x-request-from'] === 'internal') {
                         next()
                     } else {
                         const isKeyValidated = await validateAPIKey(req)