From cec696c597cdee8db81b7b31796af6fcf5a5cb91 Mon Sep 17 00:00:00 2001
From: Daniel <blt950@users.noreply.github.com>
Date: Sun, 8 Sep 2024 11:20:33 +0200
Subject: [PATCH] fix: made events calendar public without auth key

---
 app/Http/Middleware/ApiToken.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/app/Http/Middleware/ApiToken.php b/app/Http/Middleware/ApiToken.php
index ec875b2..38b576b 100644
--- a/app/Http/Middleware/ApiToken.php
+++ b/app/Http/Middleware/ApiToken.php
@@ -20,9 +20,15 @@ public function handle(Request $request, Closure $next, $args = ''): Response
 
         if($key === null || ($args == 'edit' && $key->readonly == true))
         {
-            return response()->json([
-                'message' => 'Unauthorized',
-            ], 401);
+            // Exception for open calendar fetch
+            if (preg_match('/^\/api\/calendars\/\d+\/events$/', $request->getRequestUri())) {
+                $request->attributes->set('unauthenticated', true);
+                return $next($request);
+            } else {
+                return response()->json([
+                    'message' => 'Unauthorized',
+                ], 401);
+            }
         }
 
         $key->update(['last_used_at', now()]);