[fix](trx-frontend-http): correct map auth and overlay behavior

Treat the SPA entry routes as public so direct requests to /map,\n/decoders, /settings, and /about return the app shell and let\nthe frontend show the login screen instead of a 403.\n\nMove the map filter overlay to the bottom-right corner and color\ndecode contact paths by their decoded band so they match the band\nlegend and locator overlays.\n\nVerified with cargo test -p trx-frontend-http.\n\nCo-authored-by: OpenAI Codex <codex@openai.com>

Signed-off-by: Stan Grams <sjg@haxx.space>

src/trx-client/trx-frontend/trx-frontend-http/assets/web/app.js

@@ -4124,8 +4124,13 @@ function midpointLatLon(a, b) {
 }
 
 function decodeContactPathColor(entry) {
+  if (entry?.bandLabel) return locatorBandChipColor(entry.bandLabel);
   const srcEntry = locatorMarkers.get(entry?.sourceGrid);
-  if (srcEntry) return locatorStyleForEntry(srcEntry, locatorEntryCount(srcEntry)).color;
+  if (srcEntry) {
+    const label = locatorBandLabelForEntry(srcEntry);
+    if (label) return locatorBandChipColor(label);
+    return locatorStyleForEntry(srcEntry, locatorEntryCount(srcEntry)).color;
+  }
   return locatorFilterColor("ft8");
 }
 
@@ -5723,11 +5728,13 @@ function rebuildDecodeContactPaths() {
         }
       }
       if (source && target && source !== target) {
+        const band = bandForHz(Number(detail?.freq_hz));
         directedMessages.push({
           source,
           target,
           sourceGrid: grid,
           tsMs,
+          bandLabel: band?.label || null,
         });
       }
     }
@@ -5747,6 +5754,7 @@ function rebuildDecodeContactPaths() {
       target: msg.target,
       sourceGrid: msg.sourceGrid,
       targetGrid: targetLocator.grid,
+      bandLabel: msg.bandLabel,
       from: sourceCenter,
       to: targetCenter,
       tsMs: msg.tsMs,

src/trx-client/trx-frontend/trx-frontend-http/assets/web/style.css

@@ -1238,8 +1238,8 @@ small { color: var(--text-muted); }
 }
 .map-overlay-panel {
   position: absolute;
-  top: 0.7rem;
-  left: 0.7rem;
+  right: 0.7rem;
+  bottom: 0.7rem;
   z-index: 410;
   display: flex;
   flex-direction: column;
@@ -1259,7 +1259,7 @@ small { color: var(--text-muted); }
 .map-overlay-panel.is-hidden {
   opacity: 0;
   visibility: hidden;
-  transform: translateY(-0.25rem);
+  transform: translateY(0.25rem);
   pointer-events: none;
 }
 .map-corner-controls {

src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs

@@ -399,7 +399,14 @@ impl RouteAccess {
     /// Classify a request path
     fn from_path(path: &str) -> Self {
         // Public routes
-        if path == "/" || path == "/index.html" || path.starts_with("/auth/") {
+        if path == "/"
+            || path == "/index.html"
+            || path == "/map"
+            || path == "/decoders"
+            || path == "/settings"
+            || path == "/about"
+            || path.starts_with("/auth/")
+        {
             return Self::Public;
         }
 
@@ -583,6 +590,10 @@ mod tests {
     #[test]
     fn test_route_access_public_paths() {
         assert_eq!(RouteAccess::from_path("/"), RouteAccess::Public);
+        assert_eq!(RouteAccess::from_path("/map"), RouteAccess::Public);
+        assert_eq!(RouteAccess::from_path("/decoders"), RouteAccess::Public);
+        assert_eq!(RouteAccess::from_path("/settings"), RouteAccess::Public);
+        assert_eq!(RouteAccess::from_path("/about"), RouteAccess::Public);
         assert_eq!(RouteAccess::from_path("/auth/login"), RouteAccess::Public);
         assert_eq!(RouteAccess::from_path("/auth/logout"), RouteAccess::Public);
         assert_eq!(RouteAccess::from_path("/style.css"), RouteAccess::Public);