From c60381c59aa3a3c8d2a4f11fa14f4a5ef64bc766 Mon Sep 17 00:00:00 2001
From: CaffeineFueled <hello@uphillsecurity.com>
Date: Thu, 19 Mar 2026 21:50:55 +0100
Subject: [PATCH] feat: CHANGE allow ?pw= authentication in the UI as well like
 the /raw http endpoint #18

---
 app.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index cff4fe2..33b2c84 100644
--- a/app.py
+++ b/app.py
@@ -274,6 +274,7 @@ $("#padname").textContent = "/"+docId+"/";
 
 let ws, ver = 0, clientId = Math.random().toString(36).slice(2), debounce;
 let isProtected = false, isAuthed = false;
+const urlPw = new URLSearchParams(location.search).get("pw") || "";
 
 // --- Line numbers ---
 const ta = $("#t");
@@ -382,7 +383,11 @@ function connect(){
       updateLockBtn();
       if (msg.peers !== undefined) { const el = $("#peers"); el.textContent = msg.peers; el.style.display = "inline"; }
       if (isProtected && !isAuthed) {
-        showOverlay();
+        if (urlPw) {
+          ws.send(JSON.stringify({type: "auth", password: urlPw}));
+        } else {
+          showOverlay();
+        }
       } else {
         isAuthed = true;
         hideOverlay();
@@ -394,6 +399,7 @@ function connect(){
       // Real init with content follows immediately from server
     } else if (msg.type === "error") {
       if (!isAuthed) {
+        showOverlay();
         const errEl = $("#auth-error");
         errEl.textContent = msg.message;
         errEl.style.display = "block";