ZDDC/zddc/cmd/zddc-server at e021f14609ac192b4c65d61e7913e51fd569e9a1 - VARASYS/ZDDC

History

ZDDC 62ce6e9f63 feat(server): public landing page (root bypasses dir-level ACL) GET / and GET /index.html previously enforced the root .zddc's top-level acl: gate before serving the landing page. On a deployment where only specific emails are allowed at root, anonymous (and unauthorized) callers got 403 — they couldn't even see the project picker that would tell them which projects were available to them. Make the landing page public: - cmd/zddc-server: drop the AllowedWithChain gate from the apps.Serve("landing") branch; drop it from the IsDir branch when urlPath == "/". - handler/directory.go: matching bypass for ServeDirectory at the root path (covers Accept: application/json and the case where a real /index.html exists on disk). Per-project ACL is preserved end-to-end: - fs.ListDirectory continues to filter sub-entries per email, so anonymous callers see only projects whose .zddc allows them. - Subdirectory requests still hit the ACL gate. Regression test in handler/directory_test.go covers all four cases (anonymous public, anonymous filters out private, admin sees both, anonymous still 403 on private subdir). Full go test ./... passes.	2026-05-03 22:53:14 -05:00
..
main.go	feat(server): public landing page (root bypasses dir-level ACL)	2026-05-03 22:53:14 -05:00
main_test.go	feat(zddc-server): CLI flags, --version, CWD-default ZDDC_ROOT	2026-05-01 15:43:31 -05:00

ZDDC 62ce6e9f63 feat(server): public landing page (root bypasses dir-level ACL)

GET / and GET /index.html previously enforced the root .zddc's
top-level acl: gate before serving the landing page. On a deployment
where only specific emails are allowed at root, anonymous (and
unauthorized) callers got 403 — they couldn't even see the project
picker that would tell them which projects were available to them.

Make the landing page public:
  - cmd/zddc-server: drop the AllowedWithChain gate from the
    apps.Serve("landing") branch; drop it from the IsDir branch when
    urlPath == "/".
  - handler/directory.go: matching bypass for ServeDirectory at the
    root path (covers Accept: application/json and the case where a
    real /index.html exists on disk).

Per-project ACL is preserved end-to-end:
  - fs.ListDirectory continues to filter sub-entries per email, so
    anonymous callers see only projects whose .zddc allows them.
  - Subdirectory requests still hit the ACL gate.

Regression test in handler/directory_test.go covers all four cases
(anonymous public, anonymous filters out private, admin sees both,
anonymous still 403 on private subdir). Full go test ./... passes.

2026-05-03 22:53:14 -05:00

main.go

feat(server): public landing page (root bypasses dir-level ACL)

2026-05-03 22:53:14 -05:00

main_test.go

feat(zddc-server): CLI flags, --version, CWD-default ZDDC_ROOT

2026-05-01 15:43:31 -05:00