Files
AvianVisitors/avian/api/menu.php
T
Twarner491 2dcb6d2fc3 Frontend: verbatim apt.ts lift + restored menu drawer
Pulls the live rendered HTML/CSS/JS from the working repo:
- styles.css: 1449 lines, full live palette + chrome rules
- index.html: live <body> structure with stats sidebar, atlas with
  svg sort icons, full detail-modal (pose toggle, recordings list,
  wiki/ebird chips), about modal
- apt.js: 2760 lines of live JS verbatim, URLs rewired:
  - /api/{recent,lifelist,firstseen,timeseries,stats,species}.json
    → ../api/birdnet-api.php?action=X
  - /api/img and /api/sketch → ../api/cutout.php
  - /api/recording and /api/spectrogram → ../api/{name}.php
  - /api/menu → ../api/menu.php (new)
  - /birdnet/stream → '' (live audio is admin-only, stripped)
  - admin endpoints (/api/auth, /api/config, /api/status, /api/regen,
    /api/wiki) left to 404 silently - the live .catch() handlers
    already absorb them

Menu drawer restored. Defaults to <body class='av-local'> which CSS
toggles to show items directly without the lock screen. Forwarded
deploys switch to av-forwarded + set AV_REQUIRE_AUTH=1 in php-fpm
env + Caddy basic_auth on /avian/api/ - see avian/forwarding/.

avian/api/menu.php: returns AvianVisitors drawer items (BirdNET-Pi UI,
logs, system, github link). 401s in forwarded mode when no
Authorization header arrives.
2026-05-28 11:55:36 -07:00

37 lines
1.6 KiB
PHP

<?php
// AvianVisitors - drawer menu items.
//
// Returns the list of links shown in the side drawer when a user clicks
// the menu button. The live JS expects {items: [{label, href, native}]}.
//
// Default LAN deploy: returns items immediately, no auth.
// Forwarded deploy: set AV_REQUIRE_AUTH=1 in /etc/avian/env (or in your
// php-fpm pool's env block) AND configure Caddy basic_auth on /avian/api/
// to force the lock screen.
declare(strict_types=1);
header('Content-Type: application/json; charset=utf-8');
header('Cache-Control: no-store');
// If forwarded mode is on AND no Basic-auth header arrived, 401 so the
// frontend shows the lock screen. The actual credential check is done
// by Caddy (basic_auth directive in forwarding/caddy-auth.caddy); this
// PHP only checks that *some* Authorization header reached us.
if (getenv('AV_REQUIRE_AUTH') === '1' && empty($_SERVER['HTTP_AUTHORIZATION'])) {
http_response_code(401);
echo json_encode(['error' => 'unauthorized']);
exit;
}
echo json_encode([
'items' => [
// Stock BirdNET-Pi UI (sits at the site root)
['label' => 'birdnet-pi', 'href' => '/', 'native' => false],
// BirdNET-Pi log view (php served at /views.php)
['label' => 'logs', 'href' => '/views.php?view=Log+Out', 'native' => false],
['label' => 'system', 'href' => '/views.php?view=Services', 'native' => false],
// AvianVisitors docs + source
['label' => 'avianvisitors', 'href' => 'https://github.com/Twarner491/AvianVisitors', 'native' => false],
],
]);