Feature/read only mode

[Trashman0007]

✅ Read-Only + Full RW on the same endpoint is now fully implemented.

What it does now

• One single process (port 8000) serves:
  • Anyone → can read notes, search, view media, graph, etc. (public GET requests)
  • Only logged-in users → can save, edit, delete, upload, rename, etc. (writes require login)
• No second port, no Docker tricks, no duplicate folders.
• Works for both python run.py and Docker.

All changes we made

File	What was changed	Purpose
config.yaml	Added read_only: enabled: true section	Enable/disable the feature
run.py	Load flag + set READ_ONLY_ENABLED env var + startup message	Pass flag to backend
backend/main.py	• Load flag from env/config • Added read_only_enabled() helper • Updated require_auth() to allow public GET/HEAD/OPTIONS	Core logic: reads public, writes protected
frontend/app.js	• Improved ErrorHandler for 401 → friendly message • Fixed saveNote() to pass real status code • Added authenticated: false + checkAuthStatus() method • Call checkAuthStatus() in init()	Nice error message + button state
frontend/index.html	Replaced static Logout button with dynamic Alpine version (:href + x-text)	Button now shows 🔑 Login / 🔒 Logout correctly

How to use it

1. Set read_only.enabled: true in config.yaml
2. Keep authentication.enabled: true + password/API key
3. Restart: python run.py
4. Public visitors see full read access
5. To edit → click 🔑 Login → enter password → full RW works

Everything is tested and working on my machine. No errors, no leftover test code.