alexei.dolgolyov/web-app-launcher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat: Phases 4-7 — Full Feature Expansion (26 features)

Browse Source 
Phase 4 — New Widget Types:
- Clock/Weather, System Stats, RSS/Feed, Calendar, Markdown,
  Metric/Counter, Link Group, Camera/Stream widgets
- Backend services with caching for each data source
- Full creation form with dynamic config fields per type

Phase 5 — Visual & Styling Enhancements:
- Glassmorphism card style (solid/glass/outline)
- Board-level themes with per-board hue/saturation
- Animated SVG status rings replacing static dots
- Card size options (compact/medium/large)
- Custom CSS injection (admin + per-board, sanitized)
- Wallpaper backgrounds with blur/overlay/parallax

Phase 6 — Functional Features:
- Favorites bar with drag-and-drop reordering
- Recent apps tracking with privacy toggle
- Uptime dashboard page (/status, guest-accessible)
- Notifications system (Discord/Slack/Telegram/HTTP webhooks)
- App tags with filtering in board view
- Multi-URL app cards with expandable sub-links
- Personal API tokens with scoped permissions
- Audit log with retention and admin viewer

Phase 7 — Quality of Life:
- Onboarding wizard (5-step first-launch setup)
- App URL health preview with favicon/title detection
- Board templates (4 built-in + custom import/export)
- Keyboard shortcut overlay (j/k nav, 1-9 boards, ? help)

212 files changed, 15641 insertions, 980 deletions.
Build, lint, type check, and 222 tests all pass.
This commit is contained in:
Admin
2026-03-25 14:18:10 +03:00
parent 8d7847889e
commit 1c0a7cb850
212 changed files with 15642 additions and 981 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/lib/server/middleware/authenticate.ts
+24
View File
@@ -5,10 +5,16 @@ import type { RequestEvent } from '@sveltejs/kit';
* Reusable authentication check helper.
* Throws a redirect to /login if the user is not authenticated.
* Returns the authenticated user from event.locals.
*
* For API routes, also checks for Bearer token in Authorization header.
* If a valid API token is found, the user is set from the token's owner.
*/
export function requireAuth(event: RequestEvent) {
const user = event.locals.user;
if (!user) {
// For API routes, redirect is not appropriate — but we keep the behavior
// consistent with the existing codebase. The hooks.server.ts handles
// API token validation and sets event.locals.user before routes run.
throw redirect(302, '/login');
}
return user;
@@ -20,3 +26,21 @@ export function requireAuth(event: RequestEvent) {
export function isAuthenticated(event: RequestEvent): boolean {
return event.locals.user !== null;
}
/**
* Extract Bearer token from Authorization header, if present.
* Returns the token string or null.
*/
export function extractBearerToken(event: RequestEvent): string | null {
const authHeader = event.request.headers.get('authorization');
if (!authHeader) {
return null;
}
const parts = authHeader.split(' ');
if (parts.length !== 2 || parts[0] !== 'Bearer') {
return null;
}
return parts[1];
}