fix login form

internal/httpapp/auth_middleware.go

@@ -107,8 +107,9 @@ func (a *App) isPublicEndpoint(path, method string) bool {
 		"/metrics",
 		"/api/v1/auth/login",
 		"/api/v1/auth/logout",
-		"/",                 // Dashboard
+		"/",                 // Root - redirects to login
 		"/login",            // Login page
+		"/dashboard",        // Dashboard page (frontend will check token)
 		"/storage",          // Storage management page
 		"/shares",           // Shares page
 		"/iscsi",            // iSCSI page

internal/httpapp/handlers.go

@@ -8,6 +8,14 @@ import (
 )
 
 func (a *App) handleDashboard(w http.ResponseWriter, r *http.Request) {
+	// Redirect to login page if not authenticated
+	// Since we use JWT in localStorage (client-side), we'll redirect to login
+	// and let the frontend handle token validation
+	http.Redirect(w, r, "/login", http.StatusFound)
+}
+
+func (a *App) handleDashboardPage(w http.ResponseWriter, r *http.Request) {
+	// This is the actual dashboard page (accessed via /dashboard route)
 	data := map[string]any{
 		"Title": "Dashboard",
 		"Build": map[string]string{

internal/httpapp/routes.go

@@ -12,7 +12,8 @@ func (a *App) routes() {
 	a.mux.Handle("/static/", http.StripPrefix("/static/", fs))
 
 	// Web UI
-	a.mux.HandleFunc("/", a.handleDashboard)
+	a.mux.HandleFunc("/", a.handleDashboard)              // Redirects to login
+	a.mux.HandleFunc("/dashboard", a.handleDashboardPage) // Actual dashboard page
 	a.mux.HandleFunc("/login", a.handleLoginPage)
 	a.mux.HandleFunc("/storage", a.handleStorage)
 	a.mux.HandleFunc("/shares", a.handleShares)

web/templates/base.html

@@ -30,7 +30,7 @@
       <!-- Navigation Menu -->
       <nav class="flex-1 overflow-y-auto py-4">
         <div class="px-2 space-y-1">
-          <a href="/" class="nav-link flex items-center gap-3 px-4 py-3 rounded-lg text-slate-300 hover:bg-slate-800 hover:text-white transition-colors">
+          <a href="/dashboard" class="nav-link flex items-center gap-3 px-4 py-3 rounded-lg text-slate-300 hover:bg-slate-800 hover:text-white transition-colors">
             <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
               <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M3 12l2-2m0 0l7-7 7 7M5 10v10a1 1 0 001 1h3m10-11l2 2m-2-2v10a1 1 0 01-1 1h-3m-6 0a1 1 0 001-1v-4a1 1 0 011-1h2a1 1 0 011 1v4a1 1 0 001 1m-6 0h6"></path>
             </svg>

web/templates/dashboard.html

@@ -121,6 +121,16 @@
 </div>
 
 <script>
+  // Check authentication on page load
+  (function() {
+    const token = localStorage.getItem('atlas_token');
+    if (!token) {
+      // No token, redirect to login
+      window.location.href = '/login?return=' + encodeURIComponent(window.location.pathname);
+      return;
+    }
+  })();
+
   // Fetch dashboard data and update UI
   function updateDashboard() {
     fetch('/api/v1/dashboard')

web/templates/iscsi.html

@@ -73,6 +73,16 @@
 </div>
 
 <script>
+  // Check authentication on page load
+  (function() {
+    const token = localStorage.getItem('atlas_token');
+    if (!token) {
+      // No token, redirect to login
+      window.location.href = '/login?return=' + encodeURIComponent(window.location.pathname);
+      return;
+    }
+  })();
+
 function getAuthHeaders() {
   const token = localStorage.getItem('atlas_token');
   return {

web/templates/login.html

@@ -61,7 +61,7 @@ async function handleLogin(e) {
       }
       
       // Redirect to dashboard or return URL
-      const returnUrl = new URLSearchParams(window.location.search).get('return') || '/';
+      const returnUrl = new URLSearchParams(window.location.search).get('return') || '/dashboard';
       window.location.href = returnUrl;
     } else {
       const errorMsg = (data && data.error) ? data.error : 'Login failed';

web/templates/management.html

@@ -181,6 +181,16 @@
 </div>
 
 <script>
+  // Check authentication on page load
+  (function() {
+    const token = localStorage.getItem('atlas_token');
+    if (!token) {
+      // No token, redirect to login
+      window.location.href = '/login?return=' + encodeURIComponent(window.location.pathname);
+      return;
+    }
+  })();
+
 function getAuthHeaders() {
   const token = localStorage.getItem('atlas_token');
   return {

web/templates/protection.html

@@ -221,6 +221,16 @@
 </div>
 
 <script>
+  // Check authentication on page load
+  (function() {
+    const token = localStorage.getItem('atlas_token');
+    if (!token) {
+      // No token, redirect to login
+      window.location.href = '/login?return=' + encodeURIComponent(window.location.pathname);
+      return;
+    }
+  })();
+
 function getAuthHeaders() {
   const token = localStorage.getItem('atlas_token');
   return {

web/templates/shares.html

@@ -128,6 +128,16 @@
 </div>
 
 <script>
+  // Check authentication on page load
+  (function() {
+    const token = localStorage.getItem('atlas_token');
+    if (!token) {
+      // No token, redirect to login
+      window.location.href = '/login?return=' + encodeURIComponent(window.location.pathname);
+      return;
+    }
+  })();
+
 let currentTab = 'smb';
 
 function switchTab(tab) {

web/templates/storage.html

@@ -259,6 +259,16 @@
 </div>
 
 <script>
+  // Check authentication on page load
+  (function() {
+    const token = localStorage.getItem('atlas_token');
+    if (!token) {
+      // No token, redirect to login
+      window.location.href = '/login?return=' + encodeURIComponent(window.location.pathname);
+      return;
+    }
+  })();
+
 let currentTab = 'pools';
 
 function switchTab(tab) {