Add ability to set / as a short link

Author: auravoid

README.md

@@ -127,3 +127,5 @@ If `WEB_UI=true` is set, a web interface is exposed on `http://localhost:8090` (
 * The app uses a BoltDB bucket named `urls` to store key → URL mappings.
 
 * The autogenerated keys are 6 characters drawn from `a-zA-Z0-9`.
+
+* `/` can be set as a short link as well and still function as the list URLs endpoint.

cmd/short-it/main.go

@@ -40,6 +40,7 @@ var rybbitClient = &http.Client{Timeout: 3 * time.Second}
 
 const bucketName = "urls"
 const maxPageSize = 100
+const rootRedirectKey = "_root"
 
 const envAppToken = "APP_TOKEN"
 const envDBPath = "DB_PATH"
@@ -679,9 +680,30 @@ func handleRequest(w http.ResponseWriter, r *http.Request) {
 		case http.MethodPost:
 			authMiddleware(handleCreateShortURL)(w, r)
 		case http.MethodGet:
-			authMiddleware(handleListURLs)(w, r)
+			if r.Header.Get("Authorization") == cfg.AppToken {
+				handleListURLs(w, r)
+				return
+			}
+
+			url, err := getURL(rootRedirectKey)
+			if err == nil {
+				r.URL.Path = "/" 
+				handlePageView(r)
+				http.Redirect(w, r, url, http.StatusFound)
+				return
+			}
+
+			writeJSONError(w, http.StatusUnauthorized, "Unauthorized: Invalid or missing Authorization header token.")
+		case http.MethodPut:
+			authMiddleware(func(w http.ResponseWriter, r *http.Request) {
+				handlePutCustomURL(w, r, rootRedirectKey)
+			})(w, r)
+		case http.MethodDelete:
+			authMiddleware(func(w http.ResponseWriter, r *http.Request) {
+				handleDeleteURL(w, r, rootRedirectKey)
+			})(w, r)
 		default:
-			writeJSONError(w, http.StatusMethodNotAllowed, fmt.Sprintf("Method not allowed: Unsupported HTTP method '%s' on root endpoint. Use POST to create or GET to list.", r.Method))
+			writeJSONError(w, http.StatusMethodNotAllowed, fmt.Sprintf("Method not allowed: Unsupported HTTP method '%s' on root endpoint. Use POST to create, GET to list/redirect, PUT to set root redirect, or DELETE to remove it.", r.Method))
 		}
 		return
 	}

cmd/short-it/main_test.go

@@ -540,4 +540,63 @@ func BenchmarkGetURL(b *testing.B) {
 	for i := 0; i < b.N; i++ {
 		getURL(testKey)
 	}
+}
+
+func TestRootRedirectLogic(t *testing.T) {
+	testDB := setupTestDB(t)
+	defer teardownTestDB(testDB, t)
+
+	originalDB := db
+	originalConfig := cfg
+	db = testDB
+	defer func() {
+		db = originalDB
+		cfg = originalConfig
+	}()
+
+	cfg.AppToken = "test-token"
+	testTarget := "https://portfolio.example.com"
+
+	// 1. Test setting the root redirect via PUT /
+	reqPut := httptest.NewRequest("PUT", "/", nil)
+	reqPut.Header.Set("Authorization", "test-token")
+	reqPut.Header.Set("URL", testTarget)
+	wPut := httptest.NewRecorder()
+	handleRequest(wPut, reqPut)
+
+	if wPut.Code != http.StatusCreated {
+		t.Fatalf("Expected 201 Created for setting root redirect, got %d", wPut.Code)
+	}
+
+	// 2. Test public access (GET / without auth) -> Should Redirect
+	reqPublicGet := httptest.NewRequest("GET", "/", nil)
+	wPublicGet := httptest.NewRecorder()
+	handleRequest(wPublicGet, reqPublicGet)
+
+	if wPublicGet.Code != http.StatusFound {
+		t.Fatalf("Expected 302 Found for public root request, got %d", wPublicGet.Code)
+	}
+	if loc := wPublicGet.Header().Get("Location"); loc != testTarget {
+		t.Errorf("Expected redirect to %s, got %s", testTarget, loc)
+	}
+
+	// 3. Test API access (GET / with auth) -> Should Return JSON List
+	reqApiGet := httptest.NewRequest("GET", "/", nil)
+	reqApiGet.Header.Set("Authorization", "test-token")
+	wApiGet := httptest.NewRecorder()
+	handleRequest(wApiGet, reqApiGet)
+
+	if wApiGet.Code != http.StatusOK {
+		t.Fatalf("Expected 200 OK for API list request, got %d", wApiGet.Code)
+	}
+	
+	// 4. Test deleting the root redirect
+	reqDel := httptest.NewRequest("DELETE", "/", nil)
+	reqDel.Header.Set("Authorization", "test-token")
+	wDel := httptest.NewRecorder()
+	handleRequest(wDel, reqDel)
+
+	if wDel.Code != http.StatusNoContent {
+		t.Fatalf("Expected 204 No Content for deleting root redirect, got %d", wDel.Code)
+	}
 }