I understand that #16 might be time consuming to implement. Maybe we can just add an option to disable auth altogether in the meantime.

For my use behind a proxy, it's just an inconvenience.