fix: only require metrics password if set (#1715)

src/server/utils/handler.ts

@@ -138,6 +138,9 @@ export const defineMetricsHandler = <
   handler: MetricsHandler<TReq, TRes>
 ) => {
   return defineEventHandler(async (event) => {
+    const metricsConfig = await Database.general.getMetricsConfig();
+
+    if (metricsConfig.password) {
       const auth = getHeader(event, 'Authorization');
 
       if (!auth) {
@@ -156,16 +159,6 @@ export const defineMetricsHandler = <
         });
       }
 
-    const metricsConfig = await Database.general.getMetricsConfig();
-
-    if (metricsConfig[type] !== true) {
-      throw createError({
-        statusCode: 400,
-        statusMessage: 'Metrics not enabled',
-      });
-    }
-
-    if (metricsConfig.password) {
       const tokenValid = await isPasswordValid(value, metricsConfig.password);
 
       if (!tokenValid) {
@@ -176,6 +169,13 @@ export const defineMetricsHandler = <
       }
     }
 
+    if (metricsConfig[type] !== true) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: 'Metrics not enabled',
+      });
+    }
+
     return await handler({ event });
   });
 };