fix: media – authenticate middleware, doppelter Route-Load, DevTools-Layout

This commit is contained in:
2026-06-06 17:57:59 +02:00
parent 5717e67b6d
commit 3bcc1cd9e6
3 changed files with 157 additions and 94 deletions

View File

@@ -1,7 +1,7 @@
const express = require('express');
const router = express.Router();
const db = require('../../db');
const { requireAdmin } = require('../../middleware/auth');
const { authenticate, requireAdmin } = require('../../middleware/auth');
const TMDB_BASE = 'https://api.themoviedb.org/3';
@@ -23,8 +23,7 @@ async function tmdb(path, params = {}) {
return res.json();
}
// GET /api/tools/media/now-playing
router.get('/now-playing', async (req, res) => {
router.get('/now-playing', authenticate, async (req, res) => {
try {
const data = await tmdb('/movie/now_playing');
res.json(data.results.slice(0, 10));
@@ -33,8 +32,7 @@ router.get('/now-playing', async (req, res) => {
}
});
// GET /api/tools/media/upcoming
router.get('/upcoming', async (req, res) => {
router.get('/upcoming', authenticate, async (req, res) => {
try {
const data = await tmdb('/movie/upcoming');
res.json(data.results.slice(0, 10));
@@ -43,16 +41,14 @@ router.get('/upcoming', async (req, res) => {
}
});
// GET /api/tools/media/favorites
router.get('/favorites', (req, res) => {
router.get('/favorites', authenticate, (req, res) => {
const rows = db.prepare(
'SELECT * FROM movie_favorites WHERE user_id=? ORDER BY added_at DESC'
).all(req.user.id);
res.json(rows);
});
// POST /api/tools/media/favorites
router.post('/favorites', (req, res) => {
router.post('/favorites', authenticate, (req, res) => {
const { tmdb_id, title, poster_path, release_date_de } = req.body;
if (!tmdb_id) return res.status(400).json({ error: 'tmdb_id fehlt' });
try {
@@ -65,21 +61,18 @@ router.post('/favorites', (req, res) => {
}
});
// DELETE /api/tools/media/favorites/:tmdb_id
router.delete('/favorites/:tmdb_id', (req, res) => {
router.delete('/favorites/:tmdb_id', authenticate, (req, res) => {
db.prepare('DELETE FROM movie_favorites WHERE user_id=? AND tmdb_id=?')
.run(req.user.id, Number(req.params.tmdb_id));
res.json({ ok: true });
});
// GET /api/tools/media/settings (admin only)
router.get('/settings', requireAdmin, (req, res) => {
router.get('/settings', authenticate, requireAdmin, (req, res) => {
const token = getToken();
res.json({ configured: !!token });
});
// PUT /api/tools/media/settings (admin only)
router.put('/settings', requireAdmin, (req, res) => {
router.put('/settings', authenticate, requireAdmin, (req, res) => {
const { tmdb_token } = req.body;
if (typeof tmdb_token !== 'string') return res.status(400).json({ error: 'tmdb_token fehlt' });
db.prepare('INSERT OR REPLACE INTO admin_settings (key,value) VALUES (?,?)').run('tmdb_token', tmdb_token.trim());