fix serwowanie toasts.js i error handlery

app.py

@@ -250,7 +250,7 @@ def inject_time():
 def inject_has_authorized_cookie():
     return {'has_authorized_cookie': 'authorized' in request.cookies}
 
-@app.before_request
+""" @app.before_request
 def require_system_password():
     if request.endpoint is None:
         return
@@ -281,7 +281,39 @@ def require_system_password():
             from urllib.parse import urlparse, urlunparse
             parsed = urlparse(request.url)
             fixed_url = urlunparse(parsed._replace(netloc=request.host))
-            return redirect(url_for('system_auth', next=fixed_url))
+            return redirect(url_for('system_auth', next=fixed_url)) """
+
+@app.before_request
+def require_system_password():
+    if request.endpoint is None:
+        return
+
+    if request.endpoint in ['forbidden', 'not_found', 'internal_error', 'system_auth']:
+        return
+
+    if 'authorized' not in request.cookies \
+       and request.endpoint != 'system_auth' \
+       and not request.endpoint.startswith('login') \
+       and request.endpoint != 'favicon':
+
+        if request.endpoint == 'static_bp.serve_js':
+            requested_file = request.view_args.get("filename", "")
+            if requested_file == "toasts.js":
+                return
+            if requested_file.endswith(".js"):
+                abort(403)  # dla JS lepiej pokazać błąd, nie auth
+            else:
+                return
+
+        if request.endpoint.startswith('static_bp.'):
+            return
+
+        # Dla głównej strony i innych stron HTML – przekierowanie na auth
+        if request.path == '/':
+            return redirect(url_for('system_auth'))
+        else:
+            return redirect(url_for('system_auth', next=request.url))
+
 
 @app.template_filter('filemtime')
 def file_mtime_filter(path):