Skip to content

feat(auth): add anonymous authentication mode#1766

Open
OhJuhun wants to merge 8 commits intohyperdxio:mainfrom
OhJuhun:feat/anonymous-auth
Open

feat(auth): add anonymous authentication mode#1766
OhJuhun wants to merge 8 commits intohyperdxio:mainfrom
OhJuhun:feat/anonymous-auth

Conversation

@OhJuhun
Copy link

@OhJuhun OhJuhun commented Feb 20, 2026

Add a new authentication mode (IS_ANONYMOUS_AUTH_ENABLED) that skips login but uses real MongoDB user/team for data persistence. This is an intermediate mode between local (no auth, fake user) and full auth (email/password required).

Backend: provision anonymous user/team at startup, inject into requests
Frontend: skip login/register pages, hide auth-related UI elements
Docker: add entry.local.anonymous.sh entry script

Closes #1329

Add a new authentication mode (IS_ANONYMOUS_AUTH_ENABLED) that skips
login but uses real MongoDB user/team for data persistence.
This is an intermediate mode between local (no auth, fake user) and
full auth (email/password required).

Backend: provision anonymous user/team at startup, inject into requests
Frontend: skip login/register pages, hide auth-related UI elements
Docker: add entry.local.anonymous.sh entry script

Closes hyperdxio#1329
@changeset-bot
Copy link

changeset-bot bot commented Feb 20, 2026

🦋 Changeset detected

Latest commit: 660569f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@hyperdx/api Minor
@hyperdx/app Minor
@hyperdx/otel-collector Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel
Copy link

vercel bot commented Feb 20, 2026

@OhJuhun is attempting to deploy a commit to the HyperDX Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 20, 2026

PR Review: feat(auth): add anonymous authentication mode

Note: This replaces the previous automated review — the earlier findings were based on a stale diff and are incorrect for the current code.

The implementation is clean and well-structured. The previous bot comment incorrectly flagged:

  • "Shared mutable Mongoose document as req.user" → Already handled: anonymousUser.toObject() is used ✅
  • "setupTeamDefaults creates duplicates on restart" → Function is idempotent (checks existing connections/sources before creating) ✅
  • "Redundant double import in AuthPage.tsx" → Uses import * as config correctly ✅

Remaining minor concerns:

  • ⚠️ Stale module-level _anonymousUser singleton → Set once at startup; if the underlying MongoDB document is updated at runtime, req.user will serve stale data. For the current use case (_id, email, team don't change post-provisioning), this is acceptable, but worth a comment.

  • ⚠️ AuthPage.tsx useEffect missing depconfig.IS_ANONYMOUS_MODE used inside effect but not in the [isLoggedIn, router] dep array. Since it's a build-time constant it won't cause a runtime bug, but react-hooks/exhaustive-deps lint will likely flag it.

  • 💡 No OAuth/SAML route blocking → Only /login/password and /register/password are blocked in anonymous mode. If OAuth or SAML routes are added later, they'll need the same guard. Consider extracting the block middleware to a shared helper for easier reuse.

No critical issues found. The fast-fail on provisioning, IS_AUTH_HIDDEN abstraction in AppNav, and test coverage for middleware injection and route blocking are all solid.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Disable Auth / Allow Declarative Credentials

1 participant