fix: allow public search routes and prevent js redeclaration

This commit is contained in:
2026-04-07 05:14:43 +02:00
parent db235c5d96
commit aff336c15f
2 changed files with 64 additions and 57 deletions

View File

@@ -61,8 +61,10 @@ func RequireAuth(next http.Handler) http.Handler {
// RequireGlobalAuth ensures that a valid user is in the context for all routes except login and static
func RequireGlobalAuth(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Allow unauthenticated access to login and static files
if r.URL.Path == "/login" || strings.HasPrefix(r.URL.Path, "/static/") {
// Allow unauthenticated access to login, search, and static files
if r.URL.Path == "/login" || strings.HasPrefix(r.URL.Path, "/static/") ||
r.URL.Path == "/search" || r.URL.Path == "/api/search" || r.URL.Path == "/api/search-quick" ||
r.URL.Path == "/" {
next.ServeHTTP(w, r)
return
}

View File

@@ -1,62 +1,67 @@
let searchTimeout;
const searchInput = document.getElementById('search-input');
const searchDropdown = document.getElementById('search-dropdown');
(function() {
if (window.searchInitialized) return
window.searchInitialized = true
if (searchInput) {
searchInput.addEventListener('input', function(e) {
clearTimeout(searchTimeout);
const query = e.target.value.trim();
let searchTimeout
const searchInput = document.getElementById('search-input')
const searchDropdown = document.getElementById('search-dropdown')
if (query.length < 2) {
searchDropdown.innerHTML = '';
return;
}
if (searchInput) {
searchInput.addEventListener('input', function(e) {
clearTimeout(searchTimeout)
const query = e.target.value.trim()
searchTimeout = setTimeout(() => {
fetch('/api/search-quick?q=' + encodeURIComponent(query))
.then(res => res.json())
.then(results => {
if (!results || results.length === 0) {
searchDropdown.innerHTML = '';
return;
}
if (query.length < 2) {
searchDropdown.innerHTML = ''
return
}
let html = '<div class="search-results">';
html += '<div class="search-results-title">Anime</div>';
results.forEach(r => {
html += `
<a href="/anime/${r.id}" class="search-result-item">
${r.image ? `<img src="${r.image}" alt="${r.title}" class="search-result-thumb" />` : '<div class="search-result-no-image">no image</div>'}
<div class="search-result-info">
<div class="search-result-title">${escapeHtml(r.title)}</div>
<div class="search-result-type">${r.type}</div>
</div>
</a>
`;
});
html += `<a href="/search?q=${encodeURIComponent(query)}" class="search-result-view-all">View all results for ${escapeHtml(query)}</a>`;
html += '</div>';
searchDropdown.innerHTML = html;
})
.catch(err => console.error('Search error:', err));
}, 300);
});
searchTimeout = setTimeout(() => {
fetch('/api/search-quick?q=' + encodeURIComponent(query))
.then(res => res.json())
.then(results => {
if (!results || results.length === 0) {
searchDropdown.innerHTML = ''
return
}
searchInput.addEventListener('blur', () => {
setTimeout(() => {
searchDropdown.innerHTML = '';
}, 200);
});
let html = '<div class="search-results">'
html += '<div class="search-results-title">Anime</div>'
results.forEach(r => {
html += `
<a href="/anime/${r.id}" class="search-result-item">
${r.image ? `<img src="${r.image}" alt="${r.title}" class="search-result-thumb" />` : '<div class="search-result-no-image">no image</div>'}
<div class="search-result-info">
<div class="search-result-title">${escapeHtml(r.title)}</div>
<div class="search-result-type">${r.type}</div>
</div>
</a>
`
})
html += `<a href="/search?q=${encodeURIComponent(query)}" class="search-result-view-all">View all results for ${escapeHtml(query)}</a>`
html += '</div>'
searchDropdown.innerHTML = html
})
.catch(err => console.error('Search error:', err))
}, 300)
})
document.addEventListener('click', (e) => {
if (!e.target.closest('.header-search-wrapper')) {
searchDropdown.innerHTML = '';
}
});
}
searchInput.addEventListener('blur', () => {
setTimeout(() => {
searchDropdown.innerHTML = ''
}, 200)
})
function escapeHtml(text) {
const div = document.createElement('div');
div.textContent = text;
return div.innerHTML;
}
document.addEventListener('click', (e) => {
if (!e.target.closest('.header-search-wrapper')) {
searchDropdown.innerHTML = ''
}
})
}
function escapeHtml(text) {
const div = document.createElement('div')
div.textContent = text
return div.innerHTML
}
})()