Koillection API open for everyone?

[retrogamer1337]

I found out that I dont need to input any string as JWT to access my api - is this normal?

I was able to change the URL of a link of an item without any autentification within postman.com

I just used:

curl -X 'PUT'
'https://MYURL/api/data/0190f3b3-5c83-71e1-91fb-3575fdb09262'
-H 'accept: application/json'
-H 'Content-Type: application/json'
-d '{
"value": "https://psxdatacenter.com/games/P/C/SCES-03365.html"
}'

When I enter no authentification and leave the Bearer Token empty it works fine. As soon as I enter some token it will say
{
"code": 401,
"message": "Invalid JWT Token"
}

when I POST https://MYURL/api/authentication_token with wrong data it gives me
{
"code": 401,
"message": "Invalid JWT Token"
}

When I enter the real name and passwordt gives me
{
"token": ""
}
Is the empty token the reason I can access my api without any token?

In my .env.local there is a token inside

I secured my instance with cloudflare for now

[retrogamer1337]

IDK - seems to be fixed with regenerating the keyfiles. now i get a token and access without a token is not possible anymore.

php bin/console lexik:jwt:generate-keypair --overwrite

You are about to replace your existing keys. Are you sure you wish to continue? (yes/no) [yes]:

yes

[OK] Done!

[azuravian]

This is the same problem I was having. I have some python code that I use for scraping data and putting it in Koillection. The function to get the token now returns an empty token. Running in docker, I pulled an updated image and now it pulls a token again.

[retrogamer1337]

Hi, I found out that in my case where I run Koillection as a Docker on Unraid, installed from the Community Application Tab, there were no variabels set, they only meant to be written in the .env file which Koillection did not seem to read at all. So I added them to my Container and it works now. Before that, after a Reboot I had the same error than before.