Allow shared search links to work without login

- Remove auth from poster proxy (artwork isn't sensitive, API key
  stays server-side)
- Show main screen in read-only mode when ?s= param is present,
  hiding user picker, logout, and re-roll controls
- If viewer happens to be logged in, watch-check still runs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 20:26:52 -07:00
parent 5c7b3feb1f
commit 22cec43b51
2 changed files with 31 additions and 7 deletions
+2 -5
@@ -2,7 +2,7 @@ import asyncio
import logging import logging
from contextlib import asynccontextmanager from contextlib import asynccontextmanager
from fastapi import FastAPI, Request from fastapi import FastAPI
from fastapi.responses import Response as FastAPIResponse from fastapi.responses import Response as FastAPIResponse
from fastapi.staticfiles import StaticFiles from fastapi.staticfiles import StaticFiles
@@ -41,10 +41,7 @@ except ImportError:
@app.get("/api/poster/{item_id}") @app.get("/api/poster/{item_id}")
async def poster_proxy(item_id: str, request: Request): async def poster_proxy(item_id: str):
from app.routers.auth import get_current_user
await get_current_user(request)
image_data = await get_poster(item_id) image_data = await get_poster(item_id)
if image_data is None: if image_data is None:
return FastAPIResponse(status_code=404) return FastAPIResponse(status_code=404)
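Review bot: With the `get_current_user` call removed, `poster_proxy` hands a caller-controlled `item_id` to `get_poster` for any unauthenticated client, and nothing in the hunk constrains its format. `get_poster` is not visible here, but if it interpolates the id into an upstream URL that carries the server-side API key, the id should be validated first, e.g. `async def poster_proxy(item_id: str = Path(pattern=r"^[0-9a-fA-F]{32}$")):` with `Path` imported from `fastapi` and the pattern adjusted to the real id format. An anonymous route that triggers one upstream fetch per request would also benefit from a cache or a rate limit. The function body continues past the end of the hunk.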
+29 -2
@@ -506,5 +506,32 @@ document.getElementById('reset-btn').addEventListener('click', () => {
}); });
// --- Init --- // --- Init ---
checkAuth(); async function init() {
loadSharedSearch(); const isShared = await loadSharedSearch();
if (isShared) {
// Show main screen in read-only mode for shared links
document.getElementById('login-screen').classList.add('hidden');
document.getElementById('main-screen').classList.remove('hidden');
// Hide controls that require auth
document.getElementById('user-picker').classList.add('hidden');
document.getElementById('logout-btn').classList.add('hidden');
document.getElementById('user-name').textContent = '';
document.getElementById('reroll-btn').classList.add('hidden');
// Still try to auth in background for watch-check
try {
const res = await fetch(`${API}/api/auth/me`);
if (res.ok) {
currentUser = await res.json();
document.getElementById('user-name').textContent = currentUser.name;
document.getElementById('logout-btn').classList.remove('hidden');
// Now check watch state with the logged-in user
const grid = document.getElementById('results-grid');
const ids = Array.from(grid.querySelectorAll('.movie-card')).map(c => c.dataset.jellyfinId).filter(Boolean);
if (ids.length) await markWatchedCards(ids);
}
} catch { /* not logged in, that's fine */ }
} else {
await checkAuth();
}
}
init();
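Review bot: The read-only mode in the `isShared` branch only hides `user-picker`, `logout-btn` and `reroll-btn` in the DOM, so the endpoints behind those controls must still reject unauthenticated requests on the server; that is not visible in this commit. A comment at the top of the branch would record it, e.g. `// UI-only: hiding controls is cosmetic, the API must still enforce auth`. Separately, the bare `catch { /* not logged in, that's fine */ }` is misleading, because a 401 from `/api/auth/me` does not throw and is already handled by `if (res.ok)`. What the catch actually swallows is network errors and failures in `res.json()` or `markWatchedCards`, so something like `catch (err) { console.warn('shared-view auth check failed', err); }` would keep those visible.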