Monorepo for Tangled tangled.org

appview/notifications: secure count method #948

by moshyfawn.dev 6 comments
appview/notifications: secure count method

I noticed this endpoint is public while working on something else. Feel free to disregard if this was intentional, but it looks like the endpoint requires a user session to function anyway.

this is intentional. even though the endpoint is not behind auth middleware, we do an auth check. the reason for this is:

  • if a route is guarded by auth middleware, and a user accesses that route, the middleware automatically redirects that user to the login page
  • if we do this on the getUnreadCount endpoint (which is called in the background every 30s), the user will get booted to the login page on the next poll, if their session has expired.

this interaction can be a little jarring, to be booted to the login page even when not clicking on an auth'd endpoint; so we employ this workaround.

i think returning an error here instead of an empty 200 could bork the default htmx behavior on error, i'll have to test this out locally.

That makes sense!

I don't feel the need for this to change, though I'm always in favor of clearer status codes (and I think you saw the extension I was implementing this integration in, where it was relevant).

If you do still wanna go through with this, I believe setting hx-swap on the response header should negate the issue you mentioned.

*HX-Reswap, sorry. I really miss the ability to edit comments 🤭

gave this a test and it seems to work alright!

pull request successfully merged
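
The trade-off discussed in this thread, as an added Go example that is not the Tangled appview's code: a polled count handler that does its own session check and answers 401 with `HX-Reswap: none`, next to the same handler wrapped in redirecting auth middleware. The names `hasSession`, `requireAuthRedirect`, `unreadCount` and `probe`, the `session` cookie, the `/notifications/count` path and the count value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// hasSession is a hypothetical session lookup; the constructed cookie "session=valid" is a live session.
func hasSession(r *http.Request) bool {
	c, err := r.Cookie("session")
	return err == nil && c.Value == "valid"
}

// requireAuthRedirect models auth middleware that sends anonymous requests to the login page.
func requireAuthRedirect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !hasSession(r) {
			http.Redirect(w, r, "/login", http.StatusSeeOther)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// unreadCount checks the session itself: 401 plus HX-Reswap: none, not a redirect or an empty 200.
func unreadCount(w http.ResponseWriter, r *http.Request) {
	if !hasSession(r) {
		w.Header().Set("HX-Reswap", "none") // tell htmx not to swap this response into the page
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	fmt.Fprint(w, "3") // constructed unread count
}

// probe sends one poll request and returns status, Location, HX-Reswap and body.
func probe(h http.Handler, cookie string) (int, string, string, string) {
	req := httptest.NewRequest(http.MethodGet, "/notifications/count", nil)
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: cookie})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Location"), rec.Header().Get("HX-Reswap"), rec.Body.String()
}

func main() {
	fmt.Println(probe(requireAuthRedirect(http.HandlerFunc(unreadCount)), ""))
	fmt.Println(probe(http.HandlerFunc(unreadCount), ""))
}
```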
Participants 2
AT URI
at://did:plc:sshwio5obbx4zjfrn3fhsen6/sh.tangled.repo.pull/3mcaooqiexu22