feat: enforce auth gate across linux lab

server.py

@@ -26,15 +26,11 @@ PUBLIC_GET_PATHS = {
     "/",
     "/privacy",
     "/privacy.html",
-    "/api/course",
-    "/api/course/search",
-    "/api/diagnostics",
     "/api/health",
-    "/api/lesson",
-    "/api/overview",
 }
 PUBLIC_POST_PATHS = {
     "/api/login",
+    "/api/logout",
 }
 SAFE_REMOTE_HOST = "xiaoxiaoluohao.indevs.in"
 
@@ -1009,8 +1005,6 @@ class LinuxLearningHandler(http.server.BaseHTTPRequestHandler):
         return False
 
     def check_auth(self, auth_header: str, token: str) -> bool:
-        if self.client_address[0] == "127.0.0.1":
-            return True
         if token == "safe_linux_2026":
             return True
         if auth_header.startswith("Bearer ") and auth_header[7:] == "safe_linux_2026":
@@ -1020,10 +1014,9 @@ class LinuxLearningHandler(http.server.BaseHTTPRequestHandler):
     def require_auth_if_needed(self, path: str, method: str) -> bool:
         if self.is_public_path(path, method):
             return True
-        host = self.headers.get("Host", "")
         auth_header = self.headers.get("Authorization", "")
         token = self.headers.get("X-Token", "")
-        if SAFE_REMOTE_HOST in host and not self.check_auth(auth_header, token):
+        if not self.check_auth(auth_header, token):
             self.send_json({"error": "Authentication required"}, 401)
             return False
         return True