fix login form

internal/httpapp/auth_middleware.go

@@ -107,8 +107,9 @@ func (a *App) isPublicEndpoint(path, method string) bool {
 		"/metrics",
 		"/api/v1/auth/login",
 		"/api/v1/auth/logout",
-		"/",                 // Dashboard
+		"/",                 // Root - redirects to login
 		"/login",            // Login page
+		"/dashboard",        // Dashboard page (frontend will check token)
 		"/storage",          // Storage management page
 		"/shares",           // Shares page
 		"/iscsi",            // iSCSI page

internal/httpapp/handlers.go

@@ -8,6 +8,14 @@ import (
 )
 
 func (a *App) handleDashboard(w http.ResponseWriter, r *http.Request) {
+	// Redirect to login page if not authenticated
+	// Since we use JWT in localStorage (client-side), we'll redirect to login
+	// and let the frontend handle token validation
+	http.Redirect(w, r, "/login", http.StatusFound)
+}
+
+func (a *App) handleDashboardPage(w http.ResponseWriter, r *http.Request) {
+	// This is the actual dashboard page (accessed via /dashboard route)
 	data := map[string]any{
 		"Title": "Dashboard",
 		"Build": map[string]string{

internal/httpapp/routes.go

@@ -12,7 +12,8 @@ func (a *App) routes() {
 	a.mux.Handle("/static/", http.StripPrefix("/static/", fs))
 
 	// Web UI
-	a.mux.HandleFunc("/", a.handleDashboard)
+	a.mux.HandleFunc("/", a.handleDashboard)              // Redirects to login
+	a.mux.HandleFunc("/dashboard", a.handleDashboardPage) // Actual dashboard page
 	a.mux.HandleFunc("/login", a.handleLoginPage)
 	a.mux.HandleFunc("/storage", a.handleStorage)
 	a.mux.HandleFunc("/shares", a.handleShares)