Rewrite frontend as single self-contained HTML file — all CSS/JS inline, no external files to fail loading

dist/server/middleware/auth.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.basicAuth = basicAuth;
+const AUTH_USERNAME = process.env.SERVER_USERNAME || 'admin';
+const AUTH_PASSWORD = process.env.SERVER_PASSWORD || 'aidio2024';
+function basicAuth(req, res, next) {
+    // Allow login/check endpoints and all non-API routes (static files, HTML)
+    if (req.path === '/api/auth/login' || req.path === '/api/auth/check' || !req.path.startsWith('/api/')) {
+        next();
+        return;
+    }
+    // Support token via query param for SSE (EventSource doesn't support custom headers)
+    let authHeader = req.headers.authorization;
+    if (!authHeader && req.query.token) {
+        const token = Array.isArray(req.query.token) ? req.query.token[0] : req.query.token;
+        authHeader = `Basic ${token}`;
+    }
+    if (!authHeader || !authHeader.startsWith('Basic ')) {
+        res.setHeader('WWW-Authenticate', 'Basic realm="Audio Description Server"');
+        res.status(401).json({ error: 'Authentication required' });
+        return;
+    }
+    const credentials = Buffer.from(authHeader.slice(6), 'base64').toString('utf-8');
+    const [username, password] = credentials.split(':');
+    if (username === AUTH_USERNAME && password === AUTH_PASSWORD) {
+        next();
+        return;
+    }
+    res.setHeader('WWW-Authenticate', 'Basic realm="Audio Description Server"');
+    res.status(401).json({ error: 'Invalid credentials' });
+}
+//# sourceMappingURL=auth.js.map