Allow QDN data to be served without authentication by setting "qdnAuthBypassEnabled":true

This allows the GET /arbitrary/{service}/{name} and GET /{service}/{name}/{identifier} endpoints to operate without any authentication. Useful for those who are running public QDN nodes and need to serve data over http(s).

src/main/java/org/qortal/api/resource/ArbitraryResource.java

@@ -575,7 +575,11 @@ public class ArbitraryResource {
 								   @PathParam("name") String name,
 								   @QueryParam("filepath") String filepath,
 								   @QueryParam("rebuild") boolean rebuild) {
-		Security.checkApiCallAllowed(request);
+
+		// Authentication can be bypassed in the settings, for those running public QDN nodes
+		if (!Settings.getInstance().isQDNAuthBypassEnabled()) {
+			Security.checkApiCallAllowed(request);
+		}
 
 		return this.download(service, name, null, filepath, rebuild);
 	}
@@ -604,7 +608,11 @@ public class ArbitraryResource {
 								   @PathParam("identifier") String identifier,
 								   @QueryParam("filepath") String filepath,
 								   @QueryParam("rebuild") boolean rebuild) {
-		Security.checkApiCallAllowed(request);
+
+		// Authentication can be bypassed in the settings, for those running public QDN nodes
+		if (!Settings.getInstance().isQDNAuthBypassEnabled()) {
+			Security.checkApiCallAllowed(request);
+		}
 
 		return this.download(service, name, identifier, filepath, rebuild);
 	}

src/main/java/org/qortal/settings/Settings.java

@@ -308,6 +308,9 @@ public class Settings {
 	/** Maximum total size of hosted data, in bytes. Unlimited if null */
 	private Long maxStorageCapacity = null;
 
+	/** Whether to serve QDN data without authentication */
+	private boolean qdnAuthBypassEnabled = false;
+
 	// Domain mapping
 	public static class DomainMap {
 		private String domain;
@@ -884,4 +887,8 @@ public class Settings {
 	public Long getMaxStorageCapacity() {
 		return this.maxStorageCapacity;
 	}
+
+	public boolean isQDNAuthBypassEnabled() {
+		return this.qdnAuthBypassEnabled;
+	}
 }