Convert backend from submodule to regular directory

Remove submodule tracking; backend is now a plain directory in the repo.
Also update deploy workflow: remove --recurse-submodules.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/internal/api/router.go

@@ -0,0 +1,106 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5/middleware"
+
+	"github.com/jacek/pamietnik/backend/internal/auth"
+	"github.com/jacek/pamietnik/backend/internal/db"
+)
+
+func NewRouter(
+	authStore *auth.Store,
+	tpStore *db.TrackpointStore,
+	stopStore *db.StopStore,
+	suggStore *db.SuggestionStore,
+	journalStore *db.JournalStore,
+	uploadDir string,
+) http.Handler {
+	r := chi.NewRouter()
+	r.Use(middleware.RealIP)
+	r.Use(middleware.Logger)
+	r.Use(middleware.Recoverer)
+
+	webUI := NewWebUI(authStore, tpStore, stopStore, journalStore)
+	journalHandler := NewJournalHandler(journalStore, uploadDir)
+	authMW := RequireAuth(authStore)
+	webAuthMW := requireWebAuth(authStore)
+
+	// Health
+	r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("ok"))
+	})
+	r.Get("/readyz", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("ok"))
+	})
+
+	// Ingest (session auth; Android API-Key auth TBD)
+	r.Group(func(r chi.Router) {
+		r.Use(authMW)
+		r.Post("/v1/trackpoints", HandleSingleTrackpoint(tpStore))
+		r.Post("/v1/trackpoints:batch", HandleBatchTrackpoints(tpStore))
+	})
+
+	// Query API (session auth)
+	r.Group(func(r chi.Router) {
+		r.Use(authMW)
+		r.Get("/v1/days", HandleListDays(tpStore))
+		r.Get("/v1/trackpoints", HandleListTrackpoints(tpStore))
+		r.Get("/v1/stops", HandleListStops(stopStore))
+		r.Get("/v1/suggestions", HandleListSuggestions(suggStore))
+	})
+
+	// Static assets (CSS etc.)
+	r.Handle("/static/*", http.StripPrefix("/static/", http.FileServer(http.FS(staticFS()))))
+
+	// Web UI
+	r.Get("/login", webUI.HandleGetLogin)
+	r.Post("/login", webUI.HandlePostLogin)
+	r.Post("/logout", webUI.HandleLogout)
+
+	r.Group(func(r chi.Router) {
+		r.Use(webAuthMW)
+		r.Get("/days", webUI.HandleDaysList)
+		r.Get("/days/redirect", webUI.HandleDaysRedirect)
+		r.Get("/days/{date}", webUI.HandleDayDetail)
+		r.Post("/entries", journalHandler.HandleCreateEntry)
+	})
+
+	// Serve uploaded images
+	r.Handle("/uploads/*", http.StripPrefix("/uploads/", http.FileServer(http.Dir(uploadDir))))
+
+	// SPA (Vite webapp) — served under /app/*
+	spaPrefix := "/app"
+	r.Handle(spaPrefix, http.RedirectHandler(spaPrefix+"/", http.StatusMovedPermanently))
+	r.Handle(spaPrefix+"/*", http.StripPrefix(spaPrefix, SPAHandler(spaPrefix)))
+
+	// Redirect root to Go Web UI /days
+	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
+		http.Redirect(w, r, "/days", http.StatusSeeOther)
+	})
+
+	return r
+}
+
+// requireWebAuth redirects to /login for unauthenticated web users (HTML response).
+func requireWebAuth(authStore *auth.Store) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			cookie, err := r.Cookie(sessionCookieName)
+			if err != nil {
+				http.Redirect(w, r, "/login", http.StatusSeeOther)
+				return
+			}
+			sess, err := authStore.GetSession(r.Context(), cookie.Value)
+			if err != nil {
+				http.Redirect(w, r, "/login", http.StatusSeeOther)
+				return
+			}
+			ctx := r.Context()
+			ctx = contextWithUserID(ctx, sess.UserID)
+			next.ServeHTTP(w, r.WithContext(ctx))
+		})
+	}
+}