diff options
| author | Peter Stone <thepeterstone@gmail.com> | 2026-06-29 00:47:14 +0000 |
|---|---|---|
| committer | Peter Stone <thepeterstone@gmail.com> | 2026-06-29 00:47:14 +0000 |
| commit | 541941ceefd7ef267a7fb86bab4344f8561bb959 (patch) | |
| tree | 28a37589fb359359804aa2d19ade652d68146052 /cmd | |
| parent | bdb526f8b5dd798f004645a90de87d4bf528ebcb (diff) | |
feat: register /api/widget routes behind WIDGET_TOKEN bearer auth
Add widget API routes for Android widget integration. Routes use bearer token
authentication and are placed outside session-protected groups. GET
/api/widget returns today's timeline items; POST /api/widget/complete
completes Todoist tasks. Routes only register if WIDGET_TOKEN env var is set.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/dashboard/main.go | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go index 7eb5761..133b684 100644 --- a/cmd/dashboard/main.go +++ b/cmd/dashboard/main.go @@ -193,6 +193,13 @@ func main() { prefix: "/scout", }) } + if cfg.HawaiiURL != "" { + mounts = append(mounts, serviceMount{ + name: "hawaii", + upstream: cfg.HawaiiURL, + prefix: "/hawaii", + }) + } // Rate limiter for auth endpoints authRateLimiter := appmiddleware.NewRateLimiter(config.AuthRateLimitRequests, config.AuthRateLimitWindow) @@ -348,6 +355,17 @@ func main() { r.Get("/ws/notifications", h.HandleWebSocket) }) + // Widget API — bearer token auth, no session required + if cfg.WidgetToken != "" { + widgetAuth := func(next http.Handler) http.Handler { + return handlers.WidgetAuthMiddleware(cfg.WidgetToken, next) + } + r.With(widgetAuth).Get("/api/widget", h.HandleWidgetGet) + r.With(widgetAuth).Post("/api/widget/complete", handlers.HandleWidgetComplete(todoistClient)) + } else { + log.Println("WIDGET_TOKEN not set — /api/widget disabled") + } + // Start server addr := ":" + cfg.Port srv := &http.Server{ |
