Add POST /auth/register: creates a non-superuser then auto-logs in,
returning the same TokenResponse as login. Gated by the new
allow_registration setting (env ALLOW_REGISTRATION, default true);
when disabled it raises PermissionDeniedError (403). Accounts remain
admin-only for superusers.
Tests cover create+login, duplicate (409), short password (422), and
the disabled (403) path.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Thin adapters over the existing services/repositories (no business logic):
- system: ping (auth check), getLicense
- browsing: getArtists/getArtist/getAlbum, getAlbumList(2) (newest/alpha/random),
getSong, getGenres, getMusicFolders/getIndexes/getMusicDirectory (one folder)
- search: search3 (delegates to the library repos)
- media: stream + download (reuse StreamingService, honor Range); getCoverArt
returns a placeholder until the cover pipeline lands
- playlists: get/create/update/delete over the playlist repo (owner-scoped)
- annotation: star/unstar → append-only like log, scrobble → play history,
setRating → clean no-op
- all endpoints also accept the .view suffix and GET+POST for client compat
Repo support: album list ordering (newest/random), track genre facets.
README documents the mandatory-HTTPS requirement and app-password workflow.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Senko-san
olly