Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
830e91fdff | ||
|
|
bc95af8027 | ||
|
|
56461fe0bb | ||
|
|
989654f62e | ||
|
|
bf9fbe37c0 | ||
|
|
c83dc7a5e5 | ||
|
|
7999d63e6d | ||
|
|
2bf21fd75f | ||
|
|
e48d823c92 | ||
|
|
84822e79ca |
@@ -73,7 +73,9 @@ export default async function GenrePage({ params }: PageProps) {
|
||||
// Sort
|
||||
genres.sort((a, b) => getLocalizedValue(a.name, locale).localeCompare(getLocalizedValue(b.name, locale)));
|
||||
|
||||
const specials = await prisma.special.findMany();
|
||||
const specials = await prisma.special.findMany({
|
||||
where: { hidden: false },
|
||||
});
|
||||
specials.sort((a, b) => getLocalizedValue(a.name, locale).localeCompare(getLocalizedValue(b.name, locale)));
|
||||
|
||||
const now = new Date();
|
||||
|
||||
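--- a/app/api/covers/[filename]/route.ts
+++ b/app/api/covers/[filename]/route.ts
@@ -0,0 +1,95 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { stat } from 'fs/promises';
+import { createReadStream } from 'fs';
+import path from 'path';
+
+export async function GET(
+request: NextRequest,
+{ params }: { params: Promise<{ filename: string }> }
+) {
+try {
+const { filename } = await params;
+
+// Security: Prevent path traversal attacks
+// Allow alphanumeric, hyphens, underscores, and dots for image filenames
+// Support common image formats: jpg, jpeg, png, gif, webp
+const safeFilenamePattern = /^[a-zA-Z0-9_\-\.]+\.(jpg|jpeg|png|gif|webp)$/i;
+if (!safeFilenamePattern.test(filename)) {
+return new NextResponse('Invalid filename', { status: 400 });
+}
+
+// Additional check: ensure no path separators
+if (filename.includes('/') || filename.includes('\\') || filename.includes('..')) {
+return new NextResponse('Invalid filename', { status: 400 });
+}
+
+const filePath = path.join(process.cwd(), 'public/uploads/covers', filename);
+
+// Security: Verify the resolved path is still within covers directory
+const coversDir = path.join(process.cwd(), 'public/uploads/covers');
+const resolvedPath = path.resolve(filePath);
+if (!resolvedPath.startsWith(coversDir)) {
+return new NextResponse('Forbidden', { status: 403 });
+}
+
+const stats = await stat(filePath);
+const fileSize = stats.size;
+
+// Determine content type based on file extension
+const ext = filename.toLowerCase().split('.').pop();
+const contentTypeMap: Record<string, string> = {
+'jpg': 'image/jpeg',
+'jpeg': 'image/jpeg',
+'png': 'image/png',
+'gif': 'image/gif',
+'webp': 'image/webp',
+};
+const contentType = contentTypeMap[ext || ''] || 'image/jpeg';
+
+const stream = createReadStream(filePath);
+
+// Convert Node stream to Web stream
+const readable = new ReadableStream({
+start(controller) {
+let isClosed = false;
+
+stream.on('data', (chunk: any) => {
+if (isClosed) return;
+try {
+controller.enqueue(chunk);
+} catch (e) {
+isClosed = true;
+stream.destroy();
+}
+});
+
+stream.on('end', () => {
+if (isClosed) return;
+isClosed = true;
+controller.close();
+});
+
+stream.on('error', (err: any) => {
+if (isClosed) return;
+isClosed = true;
+controller.error(err);
+});
+},
+cancel() {
+stream.destroy();
+}
+});
+
+return new NextResponse(readable, {
+status: 200,
+headers: {
+'Content-Length': fileSize.toString(),
+'Content-Type': contentType,
+'Cache-Control': 'public, max-age=3600, must-revalidate',
+},
+});
+} catch (error) {
+console.error('Error serving cover image:', error);
+return new NextResponse('Internal Server Error', { status: 500 });
+}
+}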
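Review bot: The containment check `if (!resolvedPath.startsWith(coversDir))` is a bare string-prefix test, so a sibling directory whose name merely begins with `covers` would also pass; it should compare against `coversDir + path.sep`. The filename regex already rejects separators, so this is defence in depth, but note that `path.resolve` does not follow symlinks, so neither check covers a symlinked entry inside the directory. A missing file makes `stat` throw into the generic catch, so a client gets a 500 where a 404 is meant, and nothing rejects a directory that happens to carry an image extension. Since the Content-Type is derived only from the extension of an uploaded file, I would also add `'X-Content-Type-Options': 'nosniff'` to the response headers.

```typescript
// … unchanged: filename validation and filePath construction …
const coversDir = path.join(process.cwd(), 'public/uploads/covers');
const resolvedPath = path.resolve(filePath);
if (!resolvedPath.startsWith(coversDir + path.sep)) {
  return new NextResponse('Forbidden', { status: 403 });
}

let stats;
try {
  stats = await stat(filePath);
} catch (err: unknown) {
  // A cover that does not exist is a client-visible 404, not a server fault.
  if ((err as NodeJS.ErrnoException).code === 'ENOENT') {
    return new NextResponse('Not found', { status: 404 });
  }
  throw err;
}
if (!stats.isFile()) {
  return new NextResponse('Not found', { status: 404 });
}
const fileSize = stats.size;
// … unchanged: content-type lookup, stream conversion, response headers …
```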
@@ -1,9 +1,14 @@
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
import { PrismaClient } from '@prisma/client';
|
||||
import { requireStaffAuth } from '@/lib/auth';
|
||||
import { access } from 'fs/promises';
|
||||
import path from 'path';
|
||||
|
||||
const prisma = new PrismaClient();
|
||||
|
||||
// Mark route as dynamic to prevent caching
|
||||
export const dynamic = 'force-dynamic';
|
||||
|
||||
export async function GET(
|
||||
request: NextRequest,
|
||||
{ params }: { params: Promise<{ id: string }> }
|
||||
@@ -52,13 +57,40 @@ export async function GET(
|
||||
return NextResponse.json({ error: 'Special not found' }, { status: 404 });
|
||||
}
|
||||
|
||||
// Filtere Songs ohne vollständige Song-Daten (song, song.filename)
|
||||
// Dies verhindert Fehler im Frontend, wenn Songs gelöscht wurden oder Daten fehlen
|
||||
const filteredSongs = special.songs.filter(ss => ss.song && ss.song.filename);
|
||||
// Filtere Songs ohne vollständige Song-Daten und prüfe Datei-Existenz
|
||||
// Dies verhindert Fehler im Frontend, wenn Songs gelöscht wurden, Daten fehlen
|
||||
// oder Dateien noch nicht im Container verfügbar sind (Volume Mount Delay)
|
||||
const uploadsDir = path.join(process.cwd(), 'public/uploads');
|
||||
|
||||
const filteredSongs = await Promise.all(
|
||||
special.songs
|
||||
.filter(ss => ss.song && ss.song.filename)
|
||||
.map(async (ss) => {
|
||||
const filePath = path.join(uploadsDir, ss.song.filename);
|
||||
try {
|
||||
// Prüfe ob Datei existiert und zugänglich ist
|
||||
await access(filePath);
|
||||
return ss;
|
||||
} catch (error) {
|
||||
// Datei existiert nicht oder ist nicht zugänglich
|
||||
console.warn(`[API] Song file not available: ${ss.song.filename} (may be syncing)`);
|
||||
return null;
|
||||
}
|
||||
})
|
||||
);
|
||||
|
||||
// Entferne null-Werte (Songs ohne verfügbare Dateien)
|
||||
const availableSongs = filteredSongs.filter((ss): ss is typeof special.songs[0] => ss !== null);
|
||||
|
||||
return NextResponse.json({
|
||||
...special,
|
||||
songs: filteredSongs,
|
||||
songs: availableSongs,
|
||||
}, {
|
||||
headers: {
|
||||
'Cache-Control': 'no-store, no-cache, must-revalidate, proxy-revalidate',
|
||||
'Pragma': 'no-cache',
|
||||
'Expires': '0',
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
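Review bot: `path.join(uploadsDir, ss.song.filename)` passes a database value straight to `access()` with no check that the result stays under `uploadsDir`; if a stored filename can ever contain `../`, the filtered response turns into an existence probe for other paths, so I would verify `path.resolve(filePath).startsWith(uploadsDir + path.sep)` before the `access(filePath)` call. Songs whose file is missing are dropped silently from the payload, so if this response backs an editing view it is worth confirming that a later save cannot persist the shortened list. The added comments are German while the log message is English; an English comment such as `// Drop songs whose audio file is not readable yet (e.g. volume still mounting)` would match the rest of the output. GET begins before this hunk and its earlier part is not visible here.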
@@ -1615,7 +1615,7 @@ export default function CuratorPageClient() {
|
||||
</div>
|
||||
)}
|
||||
|
||||
<div style={{ overflowX: 'auto' }}>
|
||||
<div style={{ overflowX: 'auto', position: 'relative' }}>
|
||||
<table
|
||||
style={{
|
||||
width: '100%',
|
||||
@@ -1686,7 +1686,17 @@ export default function CuratorPageClient() {
|
||||
{t('columnRating')} {sortField === 'averageRating' && (sortDirection === 'asc' ? '↑' : '↓')}
|
||||
</th>
|
||||
<th style={{ padding: '0.5rem' }}>{t('columnExcludeGlobal')}</th>
|
||||
<th style={{ padding: '0.5rem' }}>{t('columnActions')}</th>
|
||||
<th
|
||||
style={{
|
||||
padding: '0.5rem',
|
||||
position: 'sticky',
|
||||
right: 0,
|
||||
backgroundColor: 'white',
|
||||
zIndex: 10,
|
||||
}}
|
||||
>
|
||||
{t('columnActions')}
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
@@ -1701,12 +1711,13 @@ export default function CuratorPageClient() {
|
||||
|
||||
const isSelected = selectedSongIds.has(song.id);
|
||||
|
||||
const rowBackgroundColor = isSelected ? '#eff6ff' : 'white';
|
||||
return (
|
||||
<tr
|
||||
key={song.id}
|
||||
style={{
|
||||
borderBottom: '1px solid #f3f4f6',
|
||||
backgroundColor: isSelected ? '#eff6ff' : 'transparent',
|
||||
backgroundColor: rowBackgroundColor,
|
||||
}}
|
||||
>
|
||||
<td style={{ padding: '0.5rem' }}>
|
||||
@@ -1810,7 +1821,7 @@ export default function CuratorPageClient() {
|
||||
}}
|
||||
>
|
||||
<img
|
||||
src={`/uploads/covers/${song.coverImage}`}
|
||||
src={`/api/covers/${song.coverImage}`}
|
||||
alt={`Cover für ${song.title}`}
|
||||
style={{
|
||||
width: '200px',
|
||||
@@ -2010,6 +2021,10 @@ export default function CuratorPageClient() {
|
||||
style={{
|
||||
padding: '0.5rem',
|
||||
whiteSpace: 'nowrap',
|
||||
position: 'sticky',
|
||||
right: 0,
|
||||
backgroundColor: rowBackgroundColor,
|
||||
zIndex: 10,
|
||||
}}
|
||||
>
|
||||
{isEditing ? (
|
||||
@@ -2025,6 +2040,7 @@ export default function CuratorPageClient() {
|
||||
border: 'none',
|
||||
borderRadius: '0.25rem',
|
||||
cursor: 'pointer',
|
||||
whiteSpace: 'nowrap',
|
||||
}}
|
||||
>
|
||||
💾
|
||||
@@ -2038,6 +2054,7 @@ export default function CuratorPageClient() {
|
||||
border: 'none',
|
||||
borderRadius: '0.25rem',
|
||||
cursor: 'pointer',
|
||||
whiteSpace: 'nowrap',
|
||||
}}
|
||||
>
|
||||
✖
|
||||
|
||||
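Review bot: The changed `src` on the cover `<img>` interpolates `song.coverImage` into `/api/covers/...` unencoded, and the new route only accepts names made of `[a-zA-Z0-9_\-\.]` with an image extension, so any existing cover whose stored name contains spaces, umlauts or other characters would presumably now get a 400 where the static `/uploads/covers/` path served it. I would wrap the value in `encodeURIComponent(song.coverImage)` and check the stored names against the route's pattern before shipping. The same applies to the `audioUrl` change in CurateSpecialEditor, whose `/api/audio` route is not part of this page. As a style point, the sticky header cell hard-codes `backgroundColor: 'white'` while the body cells use `rowBackgroundColor`; a short comment saying the opaque background is needed so scrolled cells do not show through would explain the move away from `'transparent'`.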
@@ -32,6 +32,7 @@ export default function CuratorSpecialEditorPage() {
|
||||
}
|
||||
const res = await fetch(`/api/curator/specials/${specialId}`, {
|
||||
headers: getCuratorAuthHeaders(),
|
||||
cache: 'no-store',
|
||||
});
|
||||
if (res.status === 403) {
|
||||
setError(t('specialForbidden'));
|
||||
|
||||
@@ -184,7 +184,7 @@ export default function CurateSpecialEditor({
|
||||
</button>
|
||||
</div>
|
||||
<WaveformEditor
|
||||
audioUrl={`/uploads/${selectedSpecialSong.song.filename}`}
|
||||
audioUrl={`/api/audio/${selectedSpecialSong.song.filename}`}
|
||||
startTime={pendingStartTime ?? selectedSpecialSong.startTime}
|
||||
duration={totalDuration}
|
||||
unlockSteps={unlockSteps}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "hoerdle",
|
||||
"version": "0.1.6.28",
|
||||
"version": "0.1.6.33",
|
||||
"private": true,
|
||||
"scripts": {
|
||||
"dev": "next dev",
|
||||
|
||||
@@ -9,6 +9,79 @@ if [ -f "$HOME/.restic-env" ]; then
|
||||
. "$HOME/.restic-env"
|
||||
fi
|
||||
|
||||
# Extract Gotify variables from .env file if not set (ignore comments and empty lines)
|
||||
if [ -z "$GOTIFY_URL" ] && [ -f ".env" ]; then
|
||||
GOTIFY_URL=$(grep -v '^#' .env | grep -v '^$' | grep '^GOTIFY_URL=' | head -1 | cut -d'=' -f2- | tr -d '"' | tr -d "'" | xargs || echo "")
|
||||
fi
|
||||
|
||||
if [ -z "$GOTIFY_APP_TOKEN" ] && [ -f ".env" ]; then
|
||||
GOTIFY_APP_TOKEN=$(grep -v '^#' .env | grep -v '^$' | grep '^GOTIFY_APP_TOKEN=' | head -1 | cut -d'=' -f2- | tr -d '"' | tr -d "'" | xargs || echo "")
|
||||
fi
|
||||
|
||||
# Extract Gotify variables from docker-compose.yml if not set
|
||||
if [ -z "$GOTIFY_URL" ] && [ -f "docker-compose.yml" ]; then
|
||||
GOTIFY_URL=$(grep -oP 'GOTIFY_URL=\K[^\s]+' docker-compose.yml | head -1 | tr -d '"' | tr -d "'" || echo "")
|
||||
fi
|
||||
|
||||
if [ -z "$GOTIFY_APP_TOKEN" ] && [ -f "docker-compose.yml" ]; then
|
||||
GOTIFY_APP_TOKEN=$(grep -oP 'GOTIFY_APP_TOKEN=\K[^\s]+' docker-compose.yml | head -1 | tr -d '"' | tr -d "'" || echo "")
|
||||
fi
|
||||
|
||||
# Function to send Gotify notification
|
||||
send_gotify_notification() {
|
||||
local title="$1"
|
||||
local message="$2"
|
||||
local priority="${3:-5}"
|
||||
|
||||
# Check if Gotify is configured
|
||||
if [ -z "$GOTIFY_URL" ] || [ -z "$GOTIFY_APP_TOKEN" ]; then
|
||||
echo "⚠️ Gotify not configured (GOTIFY_URL or GOTIFY_APP_TOKEN not set), skipping notification"
|
||||
return 0
|
||||
fi
|
||||
|
||||
echo "📢 Sending Gotify notification..."
|
||||
|
||||
# Send notification (fire and forget, don't fail on error)
|
||||
# Use jq if available for proper JSON encoding, otherwise use simple approach
|
||||
if command -v jq >/dev/null 2>&1; then
|
||||
local json_payload
|
||||
json_payload=$(jq -n \
|
||||
--arg title "$title" \
|
||||
--arg message "$message" \
|
||||
--argjson priority "$priority" \
|
||||
'{title: $title, message: $message, priority: $priority}')
|
||||
|
||||
local curl_exit_code=0
|
||||
curl -sSf -X POST "${GOTIFY_URL}/message?token=${GOTIFY_APP_TOKEN}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "$json_payload" \
|
||||
>/dev/null 2>&1 || curl_exit_code=$?
|
||||
|
||||
if [ $curl_exit_code -eq 0 ]; then
|
||||
echo "✅ Gotify notification sent successfully"
|
||||
else
|
||||
echo "⚠️ Failed to send Gotify notification (curl exit code: $curl_exit_code)"
|
||||
fi
|
||||
else
|
||||
# Fallback: simple JSON encoding (replace " with \" and newlines with \n)
|
||||
local escaped_title escaped_message
|
||||
escaped_title=$(echo "$title" | sed 's/"/\\"/g')
|
||||
escaped_message=$(echo "$message" | sed 's/"/\\"/g' | sed ':a;N;$!ba;s/\n/\\n/g')
|
||||
|
||||
local curl_exit_code=0
|
||||
curl -sSf -X POST "${GOTIFY_URL}/message?token=${GOTIFY_APP_TOKEN}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"title\":\"${escaped_title}\",\"message\":\"${escaped_message}\",\"priority\":${priority}}" \
|
||||
>/dev/null 2>&1 || curl_exit_code=$?
|
||||
|
||||
if [ $curl_exit_code -eq 0 ]; then
|
||||
echo "✅ Gotify notification sent successfully"
|
||||
else
|
||||
echo "⚠️ Failed to send Gotify notification (curl exit code: $curl_exit_code)"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
echo "💾 Creating Restic backup..."
|
||||
|
||||
if ! command -v restic >/dev/null 2>&1; then
|
||||
@@ -71,12 +144,32 @@ restic -r "$RESTIC_REPO" backup \
|
||||
|
||||
if [ $RESTIC_EXIT_CODE -eq 0 ]; then
|
||||
echo "✅ Restic backup completed successfully"
|
||||
|
||||
# Send success notification
|
||||
send_gotify_notification \
|
||||
"Hördle Backup: Erfolgreich" \
|
||||
"Restic Backup wurde erfolgreich abgeschlossen.\nDatum: ${CURRENT_DATE}\nCommit: ${CURRENT_COMMIT_SHORT}" \
|
||||
5
|
||||
|
||||
exit 0
|
||||
elif [ $RESTIC_EXIT_CODE -eq 3 ]; then
|
||||
echo "⚠️ Restic backup completed with warnings (some files could not be read), continuing..."
|
||||
|
||||
# Send warning notification
|
||||
send_gotify_notification \
|
||||
"Hördle Backup: Mit Warnungen" \
|
||||
"Restic Backup wurde mit Warnungen abgeschlossen (einige Dateien konnten nicht gelesen werden).\nDatum: ${CURRENT_DATE}\nCommit: ${CURRENT_COMMIT_SHORT}" \
|
||||
7
|
||||
|
||||
exit 0
|
||||
else
|
||||
echo "⚠️ Restic backup failed (exit code: $RESTIC_EXIT_CODE), continuing deployment..."
|
||||
|
||||
# Send error notification
|
||||
send_gotify_notification \
|
||||
"Hördle Backup: Fehlgeschlagen" \
|
||||
"Restic Backup ist fehlgeschlagen (Exit Code: ${RESTIC_EXIT_CODE}).\nDatum: ${CURRENT_DATE}\nCommit: ${CURRENT_COMMIT_SHORT}" \
|
||||
9
|
||||
|
||||
exit 0
|
||||
fi
|
||||
|
||||
|
||||
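Review bot: Both `curl` calls in `send_gotify_notification` put the app token in the query string (`/message?token=${GOTIFY_APP_TOKEN}`), where it tends to end up in reverse-proxy and server access logs; Gotify also accepts it as a header, `-H "X-Gotify-Key: ${GOTIFY_APP_TOKEN}"`. The two encoding paths also disagree on the `\n` sequences the callers pass inside double-quoted strings: the sed fallback leaves them in place as JSON newline escapes, while `jq --arg` escapes the backslash, so with jq installed the message will most likely show a literal `\n`. Passing real newlines, e.g. `"$(printf 'Restic Backup ...\nDatum: %s' "$CURRENT_DATE")"`, makes both paths render the same. The fallback does not escape backslashes or control characters, and the `grep -oP` extraction from docker-compose.yml would take an unexpanded `${...}` reference verbatim as the token.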