Fix web dashboard: exempt static assets from auth, fix user-mode uninstall

- Auth middleware now skips /static/ paths and WebSocket upgrades, fixing the blank splash screen (xterm.css and textual.js were 401'd) - Uninstall script now properly stops and removes the user systemd service (~/.config/systemd/user/gniza-web.service) in user mode Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 23:50:43 +02:00
parent 3ebf692b36
commit ef80c6f19e
2 changed files with 25 additions and 6 deletions
--- a/scripts/uninstall.sh
+++ b/scripts/uninstall.sh
@@ -67,12 +67,23 @@ else
 fi

 # ── Remove web service ───────────────────────────────────────
-if systemctl is-active gniza-web &>/dev/null || [[ -f /etc/systemd/system/gniza-web.service ]]; then
-    echo "Removing GNIZA web service..."
-    systemctl stop gniza-web 2>/dev/null || true
-    systemctl disable gniza-web 2>/dev/null || true
-    rm -f /etc/systemd/system/gniza-web.service
-    systemctl daemon-reload
+if [[ "$MODE" == "root" ]]; then
+    if systemctl is-active gniza-web &>/dev/null || [[ -f /etc/systemd/system/gniza-web.service ]]; then
+        info "Removing GNIZA web service (system)..."
+        systemctl stop gniza-web 2>/dev/null || true
+        systemctl disable gniza-web 2>/dev/null || true
+        rm -f /etc/systemd/system/gniza-web.service
+        systemctl daemon-reload
+    fi
+else
+    _user_service="$HOME/.config/systemd/user/gniza-web.service"
+    if systemctl --user is-active gniza-web &>/dev/null || [[ -f "$_user_service" ]]; then
+        info "Removing GNIZA web service (user)..."
+        systemctl --user stop gniza-web 2>/dev/null || true
+        systemctl --user disable gniza-web 2>/dev/null || true
+        rm -f "$_user_service"
+        systemctl --user daemon-reload 2>/dev/null || true
+    fi
 fi

 # ── Remove symlink ───────────────────────────────────────────
--- a/tui/main.py
+++ b/tui/main.py
@@ -122,8 +122,16 @@ def main():

        # Add HTTP Basic Auth if API key is configured
        if web_key:
+            _PUBLIC_PATHS = ("/static/", "/favicon.ico")
+
            @aio_web.middleware
            async def basic_auth_middleware(request, handler):
+                # Allow static assets and WebSocket upgrades without auth
+                if (
+                    any(request.path.startswith(p) for p in _PUBLIC_PATHS)
+                    or request.headers.get("Upgrade", "").lower() == "websocket"
+                ):
+                    return await handler(request)
                auth_header = request.headers.get("Authorization", "")
                if auth_header.startswith("Basic "):
                    try: