From 0aabf321ef80d22a0f6aaa1b809fecfef3fdd1dc Mon Sep 17 00:00:00 2001
From: DAProgs
Date: Wed, 11 Mar 2026 11:03:30 -0400
Subject: [PATCH] Added connections link to main page
---
 api/connections.php | 40 +++++++++++++++++++++++++---------------
 index.php | 7 ++++++-
 version.php | 2 +-
 3 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/api/connections.php b/api/connections.php
index f421cac..ab1c541 100644
--- a/api/connections.php
+++ b/api/connections.php
@@ -4,37 +4,47 @@
 *
 * Returns connections from the last 10 minutes (or ?minutes=N) as JSON.
 *
- * Authentication: same TRIGGER_TOKEN as trigger.php
- * Authorization: Bearer
- * or ?token=
+ * Authentication (any one of):
+ * - Active web session (logged-in browser)
+ * - Authorization: Bearer
+ * - ?token=
 *
 * Optional query parameters:
 * minutes int Lookback window in minutes (default 10, max 1440)
 * node_id int Filter to a specific node
 */
+require_once __DIR__ . '/../includes/auth.php';
 require_once __DIR__ . '/../includes/functions.php';
 header('Content-Type: application/json');
 // ── Auth ──────────────────────────────────────────────────────────────────────
-if (TRIGGER_TOKEN === '') {
- http_response_code(503);
- echo json_encode(['error' => 'API is disabled. Set TRIGGER_TOKEN in config.php.']);
- exit;
+// Accept a valid session from a logged-in browser
+$session_ok = false;
+if (auth_enabled()) {
+ if (session_status() === PHP_SESSION_NONE) {
+ session_start();
+ }
+ $session_ok = !empty($_SESSION['authenticated']);
 }
-$provided = '';
-$auth_header = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
-if (str_starts_with($auth_header, 'Bearer ')) {
- $provided = substr($auth_header, 7);
-}
-if ($provided === '' && isset($_REQUEST['token'])) {
- $provided = $_REQUEST['token'];
+// Accept a Bearer token or ?token= for programmatic access
+$token_ok = false;
+if (TRIGGER_TOKEN !== '') {
+ $provided = '';
+ $auth_header = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
+ if (str_starts_with($auth_header, 'Bearer ')) {
+ $provided = substr($auth_header, 7);
+ }
+ if ($provided === '' && isset($_REQUEST['token'])) {
+ $provided = $_REQUEST['token'];
+ }
+ $token_ok = $provided !== '' && hash_equals(TRIGGER_TOKEN, $provided);
 }
-if (!hash_equals(TRIGGER_TOKEN, $provided)) {
+if (!$session_ok && !$token_ok) {
 http_response_code(401);
 echo json_encode(['error' => 'Unauthorized']);
 exit;
diff --git a/index.php b/index.php
index 6520d37..85b1b79 100644
--- a/index.php
+++ b/index.php
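Review bot: The `?token=` fallback hands `$_REQUEST['token']` to `hash_equals()` without a type check, so a request carrying `token[]=x` makes `$provided` an array, passes the `$provided !== ''` test and raises a TypeError instead of returning the JSON 401. Tightening the guard to `if ($provided === '' && isset($_GET['token']) && is_string($_GET['token'])) {` fixes that and also stops `$_REQUEST` from picking the value up from POST data or cookies, which the header comment does not document. The session branch trusts `$_SESSION['authenticated']` after a bare `session_start()`; includes/auth.php is not visible here, so if it sets a session name, cookie flags or an idle timeout, this path would presumably not apply them, and calling that file's own login check would keep the two in step. The 401 block's closing brace lies outside the hunk.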
@@ -133,7 +133,12 @@ $max_port_cnt = $t_ports ? max(array_column($t_ports, 'cnt')) : 1;
-

Recent connections

+

+ Recent connections + JSON API ↗ +

No connections ingested yet. Make sure at least one node is configured and the fetch cron is running.
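Review bot: The new "JSON API ↗" link has no working credential on installs where login is disabled: in api/connections.php `$session_ok` is only set inside `if (auth_enabled())`, so with auth off the endpoint answers 401 unless a TRIGGER_TOKEN is supplied. The markup of this hunk is not visible in this view, so whether the link is already conditional cannot be confirmed; if it is not, render it only when `auth_enabled()` is true. The href should not carry `?token=` as a workaround, since that would put the token into page source, browser history and Referer headers.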

diff --git a/version.php b/version.php
index 9fab5af..dd12e06 100644
--- a/version.php
+++ b/version.php
@@ -1,2 +1,2 @@