feat: add embedded svelte frontend

internal/app/status_test.go

@@ -1,6 +1,7 @@
 package app
 
 import (
+	"encoding/json"
 	"io"
 	"log/slog"
 	"net/http"
@@ -14,29 +15,62 @@ import (
 	"git.warky.dev/wdevs/amcs/internal/config"
 )
 
-func TestRenderHomePageHidesOAuthLinkWhenDisabled(t *testing.T) {
+func TestStatusSnapshotHidesOAuthLinkWhenDisabled(t *testing.T) {
 	tracker := auth.NewAccessTracker()
-	page := renderHomePage(buildinfo.Info{Version: "v1.2.3", BuildDate: "2026-04-04", Commit: "abc123"}, tracker, false, time.Date(2026, 4, 4, 12, 0, 0, 0, time.UTC))
+	snapshot := statusSnapshot(buildinfo.Info{Version: "v1.2.3", BuildDate: "2026-04-04", Commit: "abc123"}, tracker, false, time.Date(2026, 4, 4, 12, 0, 0, 0, time.UTC))
 
-	if strings.Contains(page, "/oauth-authorization-server") {
-		t.Fatal("page unexpectedly contains OAuth link")
+	if snapshot.OAuthEnabled {
+		t.Fatal("OAuthEnabled = true, want false")
 	}
-	if !strings.Contains(page, "Connected users") {
-		t.Fatal("page missing Connected users stat")
+	if snapshot.ConnectedCount != 0 {
+		t.Fatalf("ConnectedCount = %d, want 0", snapshot.ConnectedCount)
+	}
+	if snapshot.Title == "" {
+		t.Fatal("Title = empty, want non-empty")
 	}
 }
 
-func TestRenderHomePageShowsTrackedAccess(t *testing.T) {
+func TestStatusSnapshotShowsTrackedAccess(t *testing.T) {
 	tracker := auth.NewAccessTracker()
 	now := time.Date(2026, 4, 4, 12, 0, 0, 0, time.UTC)
 	tracker.Record("client-a", "/files", "127.0.0.1:1234", "tester", now)
 
-	page := renderHomePage(buildinfo.Info{Version: "v1.2.3"}, tracker, true, now)
+	snapshot := statusSnapshot(buildinfo.Info{Version: "v1.2.3"}, tracker, true, now)
 
-	for _, needle := range []string{"client-a", "/files", "1</span>", "/oauth-authorization-server"} {
-		if !strings.Contains(page, needle) {
-			t.Fatalf("page missing %q", needle)
-		}
+	if !snapshot.OAuthEnabled {
+		t.Fatal("OAuthEnabled = false, want true")
+	}
+	if snapshot.ConnectedCount != 1 {
+		t.Fatalf("ConnectedCount = %d, want 1", snapshot.ConnectedCount)
+	}
+	if len(snapshot.Entries) != 1 {
+		t.Fatalf("len(Entries) = %d, want 1", len(snapshot.Entries))
+	}
+	if snapshot.Entries[0].KeyID != "client-a" || snapshot.Entries[0].LastPath != "/files" {
+		t.Fatalf("entry = %+v, want keyID client-a and path /files", snapshot.Entries[0])
+	}
+}
+
+func TestStatusAPIHandlerReturnsJSON(t *testing.T) {
+	handler := statusAPIHandler(buildinfo.Info{Version: "v1"}, auth.NewAccessTracker(), true)
+	req := httptest.NewRequest(http.MethodGet, "/api/status", nil)
+	rec := httptest.NewRecorder()
+
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status = %d, want %d", rec.Code, http.StatusOK)
+	}
+	if got := rec.Header().Get("Content-Type"); !strings.Contains(got, "application/json") {
+		t.Fatalf("content-type = %q, want application/json", got)
+	}
+
+	var payload statusAPIResponse
+	if err := json.Unmarshal(rec.Body.Bytes(), &payload); err != nil {
+		t.Fatalf("json.Unmarshal() error = %v", err)
+	}
+	if payload.Version != "v1" {
+		t.Fatalf("version = %q, want %q", payload.Version, "v1")
 	}
 }
 
@@ -55,6 +89,21 @@ func TestHomeHandlerAllowsHead(t *testing.T) {
 	}
 }
 
+func TestHomeHandlerServesIndex(t *testing.T) {
+	handler := homeHandler(buildinfo.Info{Version: "v1"}, auth.NewAccessTracker(), false)
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	rec := httptest.NewRecorder()
+
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status = %d, want %d", rec.Code, http.StatusOK)
+	}
+	if !strings.Contains(rec.Body.String(), "<div id=\"app\"></div>") {
+		t.Fatalf("body = %q, want embedded UI index", rec.Body.String())
+	}
+}
+
 func TestMiddlewareRecordsAuthenticatedAccess(t *testing.T) {
 	keyring, err := auth.NewKeyring([]config.APIKey{{ID: "client-a", Value: "secret"}})
 	if err != nil {