StillHammer/videotomp3transcriptor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔓 Move authentication after static files middleware

Browse Source 
Allow public access to HTML interface while keeping API routes protected.

Changes:
- Static files (HTML/CSS/JS) now served before authentication
- API routes remain protected by authenticate middleware
- Improves UX by allowing public landing page access

Date: 2026-01-26
This commit is contained in:
debian.StillHammer 2026-01-26 14:14:50 +00:00
parent 4bb8b85c0e
commit 160e8d0d71
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/server.js
View File

@ -141,9 +141,6 @@ const authenticate = (req, res, next) => {
next();
};
// Apply authentication to all routes
app.use(authenticate);
// Helper function to handle YouTube enhanced errors
function handleYouTubeError(error, res, defaultMessage = 'Operation failed') {
if (error.isEnhanced && error.details) {
@ -152,11 +149,14 @@ function handleYouTubeError(error, res, defaultMessage = 'Operation failed') {
return res.status(500).json({ error: error.message || defaultMessage });
}
// Serve static files (HTML interface)
// Serve static files (HTML interface) - BEFORE authentication to allow public access
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
app.use(express.static(path.join(__dirname, '../public')));
// Apply authentication to all API routes (static files above are exempt)
app.use(authenticate);
// Serve downloaded files
app.use('/files', express.static(OUTPUT_DIR));