Add single-file HTML/JS client

2026-02-25 19:30:14 +02:00
parent 621815ed0f
commit f4eccec652
3 changed files with 1029 additions and 7 deletions
--- a/api/api.go
+++ b/api/api.go
@@ -32,17 +32,35 @@ func New(store *db.Store, password string, notify Notifier) *Server {
 }

 func (s *Server) Handler() http.Handler {
-	if s.password == "" {
-		return s.mux
-	}
-	// Wrap with auth middleware
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	var handler http.Handler = s.mux
+
+	// Wrap with auth middleware if password is set
+	if s.password != "" {
+		authHandler := handler
+		handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			auth := r.Header.Get("Authorization")
 			if !strings.HasPrefix(auth, "Bearer ") || auth[7:] != s.password {
 				writeError(w, http.StatusUnauthorized, "invalid or missing authorization")
 				return
 			}
-		s.mux.ServeHTTP(w, r)
+			authHandler.ServeHTTP(w, r)
+		})
+	}
+
+	// Wrap with CORS middleware (allow all origins)
+	corsHandler := handler
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
+		w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+
+		// Handle preflight requests
+		if r.Method == "OPTIONS" {
+			w.WriteHeader(http.StatusNoContent)
+			return
+		}
+
+		corsHandler.ServeHTTP(w, r)
 	})
 }

--- a/index.html
+++ b/index.html
--- a/BIN
+++ b/BIN