Nathan Esquenazi d88419ccfb fix(auth): redirect to /login when auth is enabled and accessing root ...

'/' and '/index.html' were in PUBLIC_PATHS, so setting a password
and refreshing the root URL would show the app blank (JS loaded
but all API calls returned 401) instead of redirecting to /login.

Root and index.html must be protected paths so the browser gets a
302 -> /login when auth is active and no valid session cookie exists.

2026-04-03 06:21:04 -07:00

..

__init__.py

Hermes Web UI — Sprints 11-14: multi-provider models, settings, session QoL, alerts, polish

2026-03-31 07:02:47 +00:00

auth.py

fix(auth): redirect to /login when auth is enabled and accessing root

2026-04-03 06:21:04 -07:00

config.py

fix(auth): harden password_hash handling in settings API

2026-04-03 06:21:04 -07:00

helpers.py

feat: Sprint 19 — password auth, security headers, login page

2026-04-03 05:53:26 -07:00

models.py

feat: Sprint 15 — session projects, code copy button, tool card toggle

2026-04-02 00:11:49 -07:00

routes.py

fix(auth): harden password_hash handling in settings API

2026-04-03 06:21:04 -07:00

streaming.py

refactor: keep only model discovery, drop redundant routing changes

2026-04-02 09:15:41 -07:00

upload.py

Hermes Web UI — Sprints 11-14: multi-provider models, settings, session QoL, alerts, polish

2026-03-31 07:02:47 +00:00

workspace.py

Hermes Web UI — Sprints 11-14: multi-provider models, settings, session QoL, alerts, polish

2026-03-31 07:02:47 +00:00