fix: save in-progress UI and server changes

Made-with: Cursor
1 month ago · 1aaa1f22bd
2 changed files with 43 additions and 13 deletions
--- a/chat_ui.html
+++ b/chat_ui.html
@ -5840,14 +5840,18 @@
        }
      })();

-      // ── Auth guard — redirect to login if no token ──
-      const _token = localStorage.getItem('gf_token');
-      if (!_token) {
-        window.location.replace('/login');
+      // ── Auth: auto-fetch token when missing (no login required) ──
+      (async function initAuth() {
+        if (!localStorage.getItem('gf_token')) {
+          try {
+            const r = await fetch('/auth/auto');
+            const d = await r.json();
+            if (d.success && d.token) {
+              localStorage.setItem('gf_token', d.token);
+              if (d.name) localStorage.setItem('gf_user_name', d.name);
+            }
+          } catch { /* continue without token — backend uses env */ }
        }
-
-      // ── Load user profile from localStorage (set at login) ──
-      (function loadUser() {
        const name = localStorage.getItem('gf_user_name') || 'Investor';
        const initials = name.slice(0, 2).toUpperCase();
        document.getElementById('user-avatar').textContent = initials;
@ -9125,7 +9129,7 @@
        localStorage.removeItem('gf_user_email');
        localStorage.removeItem(STORAGE_KEY);
        // Clear session-specific memory (keep watchlist / memory by default — user owns those)
-        window.location.replace('/login');
+        window.location.replace('/');
      });

      // ── Clear session ──
--- a/main.py
+++ b/main.py
@ -5,13 +5,15 @@ from datetime import datetime

 from fastapi import FastAPI, Response
 from fastapi.middleware.cors import CORSMiddleware
-from fastapi.responses import StreamingResponse, HTMLResponse, JSONResponse
+from fastapi.responses import RedirectResponse, StreamingResponse, HTMLResponse, JSONResponse
 from pydantic import BaseModel
 from dotenv import load_dotenv
 import httpx
 from langchain_core.messages import HumanMessage, AIMessage

 load_dotenv()
+# Load agent/.env so ANTHROPIC_API_KEY, GHOSTFOLIO_BEARER_TOKEN, etc. are available
+load_dotenv(os.path.join(os.path.dirname(__file__), "agent", ".env"))

 from graph import build_graph
 from state import AgentState
@ -393,10 +395,34 @@ async def auth_login(req: LoginRequest):
    }


-@app.get("/login", response_class=HTMLResponse, include_in_schema=False)
+@app.get("/auth/auto")
+async def auth_auto():
+    """
+    No-login auth: returns the configured token and user info without credentials.
+    Enables the app to work without a login page.
+    """
+    token = os.getenv("GHOSTFOLIO_BEARER_TOKEN", "")
+    base_url = os.getenv("GHOSTFOLIO_BASE_URL", "http://localhost:3333")
+    display_name = "Investor"
+    try:
+        async with httpx.AsyncClient(timeout=4.0) as client:
+            r = await client.get(
+                f"{base_url}/api/v1/user",
+                headers={"Authorization": f"Bearer {token}"},
+            )
+            if r.status_code == 200:
+                data = r.json()
+                alias = data.get("settings", {}).get("alias") or ""
+                display_name = alias or "Investor"
+    except Exception:
+        pass
+    return {"success": True, "token": token, "name": display_name}
+
+
+@app.get("/login", include_in_schema=False)
 async def login_page():
-    with open(os.path.join(os.path.dirname(__file__), "login.html")) as f:
-        return f.read()
+    """Redirect to chat — login is bypassed."""
+    return RedirectResponse(url="/", status_code=302)


@app.get("/me")