From 4e43b5b533a1b56ae21fb1f1bac49d05ce517707 Mon Sep 17 00:00:00 2001
From: Stanislaw Grams <stanislawgrams@gmail.com>
Date: Fri, 13 Feb 2026 08:26:20 +0100
Subject: [PATCH] [fix](trx-frontend-http): grant full access by default when
 auth is disabled

When HTTP authentication is disabled (the default), the /auth/session
endpoint now returns { authenticated: true, role: "control" } instead
of 404. This allows the frontend to proceed without showing a login
gate, providing the expected out-of-the-box experience.

With this change:
- Default behavior: no login required, full control access
- Auth enabled: login gate shown, roles enforced per config

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Stanislaw Grams <stanislawgrams@gmail.com>
---
 src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs b/src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs
index 2d09980..cb582c4 100644
--- a/src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs
+++ b/src/trx-client/trx-frontend/trx-frontend-http/src/auth.rs
@@ -351,8 +351,12 @@ pub async fn session_status(
     req: HttpRequest,
     auth_state: web::Data<AuthState>,
 ) -> Result<impl Responder, Error> {
+    // If auth is disabled, grant full control access without requiring login
     if !auth_state.config.enabled {
-        return Ok(HttpResponse::NotFound().finish());
+        return Ok(HttpResponse::Ok().json(SessionStatus {
+            authenticated: true,
+            role: Some("control".to_string()),
+        }));
     }
 
     let session_id = extract_session_id(&req);