diff --git a/backend/src/tools/paywallkiller/routes.js b/backend/src/tools/paywallkiller/routes.js index f486fce..db0137d 100644 --- a/backend/src/tools/paywallkiller/routes.js +++ b/backend/src/tools/paywallkiller/routes.js @@ -41,9 +41,17 @@ function fetchHtml(url, redirects = 0) { }); } -// ── GET /api/tools/paywallkiller/render?url=... ─────────────────────────── +// ── GET /api/tools/paywallkiller/render?url=...&token=... ──────────────── // Holt archive.ph Seite, entfernt Banner + schreibt Links um → sauberes HTML -router.get('/render', authenticate, async (req, res) => { +// Token als Query-Parameter da der Endpoint direkt im Browser geöffnet wird +router.get('/render', (req, res, next) => { + const jwt = require('jsonwebtoken'); + const SECRET = process.env.JWT_SECRET || 'dev-secret'; + const token = req.query.token || (req.headers.authorization || '').replace('Bearer ', ''); + if (!token) return res.status(401).send('Nicht eingeloggt'); + try { req.user = jwt.verify(token, SECRET); next(); } + catch { return res.status(401).send('Token ungültig'); } +}, async (req, res) => { const { url } = req.query; if (!url) return res.status(400).send('url fehlt'); diff --git a/frontend/src/tools/paywallkiller.jsx b/frontend/src/tools/paywallkiller.jsx index 516c1fe..c8816cf 100644 --- a/frontend/src/tools/paywallkiller.jsx +++ b/frontend/src/tools/paywallkiller.jsx @@ -38,9 +38,9 @@ export default function PaywallKiller() { function getRenderUrl() { const snap = snapshotUrl.trim(); - // Snapshot-URL die der User eingefügt hat → über /render bereinigen if (snap && snap.startsWith('https://archive.')) { - return `/api/tools/paywallkiller/render?url=${encodeURIComponent(snap)}`; + const token = localStorage.getItem('sk_token') || ''; + return `/api/tools/paywallkiller/render?url=${encodeURIComponent(snap)}&token=${encodeURIComponent(token)}`; } return null; }