mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-15 01:07:32 +00:00
be20ab111a
When a request for /login (or any other frontend route) comes in without proper Accept headers (like from curl or some browsers), the server was returning 'Authentication required' text instead of serving the frontend HTML. This is because the router was checking authentication before serving ANY non-API route, including frontend pages like /login, /dashboard, etc. The fix: Frontend routes should always be served without backend auth checks. The authentication logic runs in the frontend JavaScript after the page loads. Backend auth should only block: - API endpoints (/api/*) - WebSocket connections (/ws*, /socket.io/*) - Download endpoints (/download/*) - Special scripts (/install-*.sh, etc.) All other routes are frontend pages that need to be served to everyone so the login page can load and handle auth in the browser. This fixes the integration tests where Playwright couldn't see the login form because the server was rejecting the /login request before serving HTML. Related to #695 (release workflow integration tests) |
||
|---|---|---|
| .. | ||
| alerts.go | ||
| alerts_test.go | ||
| auth.go | ||
| auth_scope_test.go | ||
| bootstrap_token.go | ||
| config_handlers.go | ||
| config_handlers_auto_register_test.go | ||
| config_handlers_cluster_test.go | ||
| config_handlers_setup_script_test.go | ||
| csrf_store.go | ||
| demo_middleware.go | ||
| diagnostics.go | ||
| DO_NOT_EDIT_FRONTEND_HERE.md | ||
| docker_agents.go | ||
| docker_metadata.go | ||
| frontend_embed.go | ||
| guest_metadata.go | ||
| host_agents.go | ||
| host_agents_test.go | ||
| http_metrics.go | ||
| middleware.go | ||
| notification_queue.go | ||
| notifications.go | ||
| oidc_handlers.go | ||
| oidc_service.go | ||
| rate_limit_config.go | ||
| rate_limit_config_test.go | ||
| ratelimit.go | ||
| README.md | ||
| recovery_tokens.go | ||
| router.go | ||
| router_integration_test.go | ||
| security.go | ||
| security_oidc.go | ||
| security_setup_fix.go | ||
| security_setup_fix_test.go | ||
| security_test.go | ||
| security_tokens.go | ||
| security_tokens_test.go | ||
| session_store.go | ||
| system_settings.go | ||
| types.go | ||
| updates.go | ||
Internal API Package
This directory contains the API server implementation for Pulse.
Important Note About frontend-modern/
The frontend-modern/ subdirectory that appears here is:
- AUTO-GENERATED during builds
- NOT the source code - just a build artifact
- IN .gitignore - never committed
- REQUIRED BY GO - The embed directive needs it here
Frontend Development Location
👉 Edit frontend files at: /opt/pulse/frontend-modern/src/
Why This Structure?
Go's //go:embed directive has limitations:
- Cannot use
../paths to access parent directories - Cannot follow symbolic links
- Must embed files within the Go module
This is a known Go limitation and our structure works around it.