Allow shared search links to work without login
- Remove auth from poster proxy (artwork isn't sensitive, API key stays server-side) - Show main screen in read-only mode when ?s= param is present, hiding user picker, logout, and re-roll controls - If viewer happens to be logged in, watch-check still runs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
+2
-5
@@ -2,7 +2,7 @@ import asyncio
|
||||
import logging
|
||||
from contextlib import asynccontextmanager
|
||||
|
||||
from fastapi import FastAPI, Request
|
||||
from fastapi import FastAPI
|
||||
from fastapi.responses import Response as FastAPIResponse
|
||||
from fastapi.staticfiles import StaticFiles
|
||||
|
||||
@@ -41,10 +41,7 @@ except ImportError:
|
||||
|
||||
|
||||
@app.get("/api/poster/{item_id}")
|
||||
async def poster_proxy(item_id: str, request: Request):
|
||||
from app.routers.auth import get_current_user
|
||||
await get_current_user(request)
|
||||
|
||||
async def poster_proxy(item_id: str):
|
||||
image_data = await get_poster(item_id)
|
||||
if image_data is None:
|
||||
return FastAPIResponse(status_code=404)
|
||||
|
||||
+29
-2
@@ -506,5 +506,32 @@ document.getElementById('reset-btn').addEventListener('click', () => {
|
||||
});
|
||||
|
||||
// --- Init ---
|
||||
checkAuth();
|
||||
loadSharedSearch();
|
||||
async function init() {
|
||||
const isShared = await loadSharedSearch();
|
||||
if (isShared) {
|
||||
// Show main screen in read-only mode for shared links
|
||||
document.getElementById('login-screen').classList.add('hidden');
|
||||
document.getElementById('main-screen').classList.remove('hidden');
|
||||
// Hide controls that require auth
|
||||
document.getElementById('user-picker').classList.add('hidden');
|
||||
document.getElementById('logout-btn').classList.add('hidden');
|
||||
document.getElementById('user-name').textContent = '';
|
||||
document.getElementById('reroll-btn').classList.add('hidden');
|
||||
// Still try to auth in background for watch-check
|
||||
try {
|
||||
const res = await fetch(`${API}/api/auth/me`);
|
||||
if (res.ok) {
|
||||
currentUser = await res.json();
|
||||
document.getElementById('user-name').textContent = currentUser.name;
|
||||
document.getElementById('logout-btn').classList.remove('hidden');
|
||||
// Now check watch state with the logged-in user
|
||||
const grid = document.getElementById('results-grid');
|
||||
const ids = Array.from(grid.querySelectorAll('.movie-card')).map(c => c.dataset.jellyfinId).filter(Boolean);
|
||||
if (ids.length) await markWatchedCards(ids);
|
||||
}
|
||||
} catch { /* not logged in, that's fine */ }
|
||||
} else {
|
||||
await checkAuth();
|
||||
}
|
||||
}
|
||||
init();
|
||||
|
||||
Reference in New Issue
Block a user