2 files changed, 27 insertions, 9 deletions
diff --git a/src/handlers.rs b/src/handlers.rs
index 0848740bc1..c97e677311 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -64,6 +64,15 @@ pub fn new_thread(state: State<AppState>) -> ConverseResponse {
         .responder()
 }
 
+/// This function provides an anonymous "default" author if logins are
+/// not required.
+fn anonymous() -> Author {
+    Author {
+        name: "Anonymous".into(),
+        email: "anonymous@nothing.org".into(),
+    }
+}
+
 #[derive(Deserialize)]
 pub struct NewThreadForm {
     pub title: String,
@@ -90,9 +99,10 @@ pub fn submit_thread(state: State<AppState>,
             .responder();
     }
 
-    // Author is "unwrapped" because the RequireLogin middleware
-    // guarantees it to be present.
-    let author: Author = req.session().get(AUTHOR).unwrap().unwrap();
+    let author: Author = req.session().get(AUTHOR)
+        .unwrap_or_else(|_| Some(anonymous()))
+        .unwrap_or_else(anonymous);
+
     let new_thread = NewThread {
         title: input.0.title,
         body: input.0.body,
@@ -123,9 +133,10 @@ pub struct NewPostForm {
 pub fn reply_thread(state: State<AppState>,
                     input: Form<NewPostForm>,
                     mut req: HttpRequest<AppState>) -> ConverseResponse {
-    // Author is "unwrapped" because the RequireLogin middleware
-    // guarantees it to be present.
-    let author: Author = req.session().get(AUTHOR).unwrap().unwrap();
+    let author: Author = req.session().get(AUTHOR)
+        .unwrap_or_else(|_| Some(anonymous()))
+        .unwrap_or_else(anonymous);
+
     let new_post = NewPost {
         thread_id: input.thread_id,
         body: input.0.body,
diff --git a/src/main.rs b/src/main.rs
index eeab96e83c..8188d49871 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -112,6 +112,8 @@ fn main() {
         key_bytes
     };
 
+    let require_login = config_default("REQUIRE_LOGIN", "true".into()) == "true";
+
     server::new(move || {
         let state = AppState {
             db: db_addr.clone(),
@@ -123,17 +125,22 @@ fn main() {
             CookieSessionBackend::signed(&key)
                 .secure(base_url.starts_with("https")));
 
-        App::with_state(state)
+        let app = App::with_state(state)
             .middleware(Logger::default())
             .middleware(sessions)
-            .middleware(RequireLogin)
             .resource("/", |r| r.method(Method::GET).with(forum_index))
             .resource("/thread/new", |r| r.method(Method::GET).with(new_thread))
             .resource("/thread/submit", |r| r.method(Method::POST).with3(submit_thread))
             .resource("/thread/reply", |r| r.method(Method::POST).with3(reply_thread))
             .resource("/thread/{id}", |r| r.method(Method::GET).with2(forum_thread))
             .resource("/oidc/login", |r| r.method(Method::GET).with(login))
-            .resource("/oidc/callback", |r| r.method(Method::POST).with3(callback))})
+            .resource("/oidc/callback", |r| r.method(Method::POST).with3(callback));
+
+        if require_login {
+            app.middleware(RequireLogin)
+        } else {
+            app
+        }})
         .bind(&bind_host).expect(&format!("Could not bind on '{}'", bind_host))
         .start();