add installer alpha version

2025-12-15 16:38:20 +07:00
parent 732e5aca11
commit b4ef76f0d0
23 changed files with 4279 additions and 136 deletions
--- a/internal/httpapp/auth_middleware.go
+++ b/internal/httpapp/auth_middleware.go
@@ -17,7 +17,7 @@ const (
 // authMiddleware validates JWT tokens and extracts user info
 func (a *App) authMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// Skip auth for public endpoints
+		// Skip auth for public endpoints (includes web UI pages and read-only GET endpoints)
 		if a.isPublicEndpoint(r.URL.Path) {
 			next.ServeHTTP(w, r)
 			return
@@ -101,14 +101,27 @@ func (a *App) requireRole(allowedRoles ...models.Role) func(http.Handler) http.H
 func (a *App) isPublicEndpoint(path string) bool {
 	publicPaths := []string{
 		"/healthz",
+		"/health",
 		"/metrics",
 		"/api/v1/auth/login",
 		"/api/v1/auth/logout",
-		"/", // Dashboard (can be made protected later)
+		"/",                 // Dashboard
+		"/login",            // Login page
+		"/storage",          // Storage management page
+		"/shares",           // Shares page
+		"/iscsi",            // iSCSI page
+		"/protection",       // Data Protection page
+		"/management",       // System Management page
+		"/api/docs",         // API documentation
+		"/api/openapi.yaml", // OpenAPI spec
 	}

 	for _, publicPath := range publicPaths {
-		if path == publicPath || strings.HasPrefix(path, publicPath+"/") {
+		if path == publicPath {
+			return true
+		}
+		// Also allow paths that start with public paths (for sub-pages)
+		if strings.HasPrefix(path, publicPath+"/") {
 			return true
 		}
 	}
@@ -118,6 +131,28 @@ func (a *App) isPublicEndpoint(path string) bool {
 		return true
 	}

+	// Make read-only GET endpoints public for web UI (but require auth for mutations)
+	// This allows the UI to display data without login, but operations require auth
+	publicReadOnlyPaths := []string{
+		"/api/v1/dashboard",         // Dashboard data
+		"/api/v1/disks",             // List disks
+		"/api/v1/pools",             // List pools (GET only)
+		"/api/v1/pools/available",   // List available pools
+		"/api/v1/datasets",          // List datasets (GET only)
+		"/api/v1/zvols",             // List ZVOLs (GET only)
+		"/api/v1/shares/smb",        // List SMB shares (GET only)
+		"/api/v1/exports/nfs",       // List NFS exports (GET only)
+		"/api/v1/iscsi/targets",     // List iSCSI targets (GET only)
+		"/api/v1/snapshots",         // List snapshots (GET only)
+		"/api/v1/snapshot-policies", // List snapshot policies (GET only)
+	}
+
+	for _, publicPath := range publicReadOnlyPaths {
+		if path == publicPath {
+			return true
+		}
+	}
+
 	return false
 }