# teach-server

A self-hosted page hosting platform for single-HTML pages produced by an
HTTP-capable agent (recommended: Claude Code desktop or CLI; Claude Cowork
lacks the tools to complete the bootstrap).
Accounts are invite-only. Pages are public; AI calls on a page are gated by a per-page password.

## Authentication

- GET /auth/salt?email=<email> → { salt } | 401 not-invited | 403 invite-not-redeemed
- POST /auth/login { email, hash } → { api_key, username }
  hash = SHA256(password + salt) (lowercase hex, 64 chars)
- All authenticated non-hosted endpoints accept:
  - Authorization: Bearer <api_key>   (recommended for agents)
  - Cookie: sid=<jwt>                 (browsers)

Store the api_key under <user-workdir>/.teach-server/credentials.json with chmod 600:
  { "base_url": "<public base>", "username": "<u>", "api_key": "tk_..." }

## Uploading a page

POST /api/pages
Authorization: Bearer <api_key>
Content-Type: application/json
{
  "slug": "<a-z0-9-, 3-40 chars>",
  "title": "optional title",
  "html": "<!doctype html>… (single file, ≤ 5 MB, inline CSS/JS)",
  "has_ai": true|false,
  "ai_password": "<1-8 alphanumeric>"   # required when has_ai=true
}
→ { "url": "/u/<username>/<slug>/", "updated_at": "..." }

Re-uploading the same slug overwrites the page. Only one HTML file per page; embed assets as data URIs or reference HTTPS CDNs.

## HTML format rules (CSP — silent failure if ignored)

Served CSP:
  default-src 'self' https:;
  script-src  'self' 'unsafe-inline' https:;
  style-src   'self' 'unsafe-inline' https:;
  img-src     'self' data: https:

- Inline <style> and <script> are allowed — make the page fully self-contained.
- External scripts/styles/fonts must be https:// (http:// is blocked).
- Images: inline SVG, data: URIs, or https:// URLs.
- eval(), new Function(), and string-form setTimeout/setInterval are blocked (no 'unsafe-eval').
- data: URIs for @font-face do NOT work; self-host via an https:// CDN.
- Mixed content (http://) is rejected.
Ignoring these causes CSS to not apply or JS to throw — the page will look broken.

## If the user already built the HTML (audit before upload)

Upload failures are silent: server returns 200, URL works, but CSS/JS breaks client-side.
Before POST /api/pages, Read the file and grep for:
  BLOCKERS: http://, eval(, new Function(, setTimeout/setInterval with string arg, non-https <script src=>/<link href=>
  WARNINGS: @font-face with data: URI src, non-https <iframe src=>
  SIZE: wc -c must be ≤ 5242880
One-liner: grep -En "http://[^\"' ]|eval *\(|new +Function *\(|setTimeout *\( *['\"\`]|setInterval *\( *['\"\`]" page.html
If blockers found: do NOT upload. Show the user line numbers and offer to fix.
If only warnings: may upload, but mention each one in the confirmation.

## Using AI inside a page

The uploaded page's JavaScript should call the proxy at:

POST /api/ai/v1/chat/completions
Headers:
  Content-Type: application/json
  X-Page-Slug: <location.pathname e.g. /u/alice/demo/>
  X-Page-Password: <the page's AI password, asked from the viewer>
Body: OpenAI chat/completions JSON. Supported models (exact IDs only — strict allowlist):
  - gpt-4.1-mini           → OpenAI
  - gpt-4o-mini            → OpenAI
  - gpt-5-nano             → OpenAI
  - gemini-2.5-flash       → Google (models/gemini-2.5-flash also accepted)
Any other model ID returns 400 unsupported-model.
Errors:
  - 401 invalid-page-password
  - 404 page-not-found
  - 429 daily-limit-exceeded
Streaming works; server injects stream_options.include_usage automatically.

## Listing / deleting own pages

- GET /api/pages                                → { pages: [...] }
- GET /api/pages/:slug                          → { slug, ... }
- DELETE /api/pages/:slug                       → { deleted: true }  (Bearer only)
- PATCH /api/pages/:slug/ai-password            → { updated: true }  (Bearer or Cookie+CSRF)

## Constraints

- slug: /^[a-z0-9][a-z0-9-]{1,38}[a-z0-9]$/
- html ≤ 5 MB
- ai_password: /^[a-zA-Z0-9]{1,8}$/
- Daily limit: default 200 requests per user (admin-adjustable)