From 160e8d0d712dc2f40d5636a75e0ea023cc5152f0 Mon Sep 17 00:00:00 2001 From: "debian.StillHammer" Date: Mon, 26 Jan 2026 14:14:50 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=93=20Move=20authentication=20after=20?= =?UTF-8?q?static=20files=20middleware?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow public access to HTML interface while keeping API routes protected. Changes: - Static files (HTML/CSS/JS) now served before authentication - API routes remain protected by authenticate middleware - Improves UX by allowing public landing page access Date: 2026-01-26 --- src/server.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/server.js b/src/server.js index ee883da..842bf8e 100644 --- a/src/server.js +++ b/src/server.js @@ -141,9 +141,6 @@ const authenticate = (req, res, next) => { next(); }; -// Apply authentication to all routes -app.use(authenticate); - // Helper function to handle YouTube enhanced errors function handleYouTubeError(error, res, defaultMessage = 'Operation failed') { if (error.isEnhanced && error.details) { @@ -152,11 +149,14 @@ function handleYouTubeError(error, res, defaultMessage = 'Operation failed') { return res.status(500).json({ error: error.message || defaultMessage }); } -// Serve static files (HTML interface) +// Serve static files (HTML interface) - BEFORE authentication to allow public access const __filename = fileURLToPath(import.meta.url); const __dirname = path.dirname(__filename); app.use(express.static(path.join(__dirname, '../public'))); +// Apply authentication to all API routes (static files above are exempt) +app.use(authenticate); + // Serve downloaded files app.use('/files', express.static(OUTPUT_DIR));