Pulse/internal/api
rcourtman 059e8bf562 Redirect to login when authentication expires
Related to #626

When authentication expires after some time, users see "Connection lost"
and must refresh the page to see "Authentication required". This commit
implements automatic redirect to login when authentication expires.

Changes:
- Add authentication check to WebSocket endpoint to prevent unauthenticated
  WebSocket connections
- Handle WebSocket close with code 1008 (policy violation) as auth failure
  and redirect to login
- Intercept 401 responses on API calls (except initial auth checks) and
  automatically redirect to login page
- Clear stored credentials and set logout flag before redirect to ensure
  clean login flow

This provides a better user experience by immediately redirecting to the
login page when the session expires, rather than showing a confusing
"Connection lost" message that requires manual page refresh.
2025-11-05 19:36:01 +00:00
..
alerts.go Implement Pulse tag overrides and alert clear persistence 2025-10-25 14:28:32 +00:00
alerts_test.go Allow printable alert IDs for acknowledgements (#550) 2025-10-14 16:48:22 +00:00
auth.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
auth_scope_test.go Add API token scopes and standalone host agent 2025-10-23 11:40:31 +00:00
bootstrap_token.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
config_handlers.go Add guest URL support for PVE hosts 2025-11-05 19:06:08 +00:00
config_handlers_auto_register_test.go Harden setup token flow and enforce encrypted persistence 2025-10-25 16:00:37 +00:00
config_handlers_cluster_test.go Respect custom ports when discovering Proxmox clusters 2025-10-22 17:42:52 +00:00
config_handlers_setup_script_test.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
csrf_store.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
demo_middleware.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
diagnostics.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
DO_NOT_EDIT_FRONTEND_HERE.md Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
docker_agents.go Auto-clear removal block after successful Docker host stop 2025-10-29 12:40:22 +00:00
docker_metadata.go Consolidate pending changes 2025-10-28 23:20:44 +00:00
frontend_embed.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
guest_metadata.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
host_agents.go Improve host agent onboarding flow 2025-10-25 09:37:29 +00:00
host_agents_test.go perf: reduce polling allocations and guest metadata load 2025-10-25 13:12:47 +00:00
http_metrics.go feat: comprehensive diagnostics and observability improvements 2025-10-21 12:37:39 +00:00
middleware.go feat: comprehensive diagnostics and observability improvements 2025-10-21 12:37:39 +00:00
notifications.go Harden API auth and token handling 2025-10-25 14:54:03 +00:00
oidc_handlers.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
oidc_service.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
rate_limit_config.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
rate_limit_config_test.go test: add X-RateLimit-Limit header regression test 2025-10-20 15:10:59 +00:00
ratelimit.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
README.md Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
recovery_tokens.go perf: reduce polling allocations and guest metadata load 2025-10-25 13:12:47 +00:00
router.go Redirect to login when authentication expires 2025-11-05 19:36:01 +00:00
router_integration_test.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
security.go Fix CSRF token validation and improve token management 2025-11-05 09:23:44 +00:00
security_oidc.go feat: add professional logging with runtime configuration and performance optimization 2025-10-20 15:13:38 +00:00
security_setup_fix.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
security_setup_fix_test.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
security_test.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
security_tokens.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
security_tokens_test.go Add API token scopes and standalone host agent 2025-10-23 11:40:31 +00:00
session_store.go Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
system_settings.go Fix CSRF token validation and improve token management 2025-11-05 09:23:44 +00:00
types.go Add per-node temperature monitoring and fix critical config update bug 2025-11-05 14:11:53 +00:00
updates.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00

Internal API Package

This directory contains the API server implementation for Pulse.

Important Note About frontend-modern/

The frontend-modern/ subdirectory that appears here is:

  • AUTO-GENERATED during builds
  • NOT the source code - just a build artifact
  • IN .gitignore - never committed
  • REQUIRED BY GO - The embed directive needs it here

Frontend Development Location

👉 Edit frontend files at: /opt/pulse/frontend-modern/src/

Why This Structure?

Go's //go:embed directive has limitations:

  1. Cannot use ../ paths to access parent directories
  2. Cannot follow symbolic links
  3. Must embed files within the Go module

This is a known Go limitation and our structure works around it.