fix: design-options nutzt Admin-Token für Directus /fields/ Endpoint

/fields/ braucht Admin-Rechte – Session-Token des Users hat keinen Zugriff.
DIRECTUS_ADMIN_TOKEN als Konstante (überschreibbar via Env-Var).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-10 20:20:24 +02:00
parent 255ec51858
commit 79d1f2ba21

15
app.py

@@ -16,6 +16,7 @@ import anthropic as _anthropic_sdk
ANTHROPIC_API_KEY = os.environ.get("ANTHROPIC_API_KEY", "")
DIRECTUS_URL = "https://db.hejyou.com"
DIRECTUS_ADMIN_TOKEN = os.environ.get("DIRECTUS_ADMIN_TOKEN", "Bearer tnBshnvge8KBu0WqykSQvgBperI2j_0b")
BASE_DIR = Path(__file__).resolve().parent
PICTURES_DIR = BASE_DIR / "pictures"
@@ -1716,18 +1717,14 @@ def directus_db_pictures():
@app.route("/api/directus/db-pictures/design-options", methods=["GET"])
def directus_db_pictures_design_options():
token = request.headers.get("Authorization", "")
FALLBACK = [{"text": "Fall | Draw | Spring | Dream", "value": "fall_draw_spring_dream"}]
try:
data, status = _directus("GET", "/fields/db_pictures/design", token)
if status == 200:
# /fields/ requires admin rights — use the static admin token, not the user session token
data, status = _directus("GET", "/fields/db_pictures/design", DIRECTUS_ADMIN_TOKEN)
if status != 200:
print(f"[design-options] Directus /fields/ returned {status}: {data}")
return jsonify({"choices": []}), 200
field_data = data.get("data") or data
choices = field_data.get("meta", {}).get("options", {}).get("choices", [])
if choices:
return jsonify({"choices": choices})
except Exception as e:
print(f"[design-options] Directus fetch failed: {e}")
return jsonify({"choices": FALLBACK})
@app.route("/api/directus/db-pictures/<pic_id>", methods=["PATCH"])
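Review bot: The default passed to `os.environ.get("DIRECTUS_ADMIN_TOKEN", ...)` in the first hunk is a literal admin bearer token, so the credential now sits in the repository and its history and is used whenever the variable is unset. It should default to empty and fail closed, `DIRECTUS_ADMIN_TOKEN = os.environ.get("DIRECTUS_ADMIN_TOKEN", "")`, with the route returning an error when the value is missing, and the committed token should be rotated in Directus. In `directus_db_pictures_design_options` the `_directus` call no longer passes the caller's token; the rendered page has lost its +/- markers, so it is not certain whether the `Authorization` header is still read, but if it is not, the route answers with admin privileges for any caller and should verify the user's session before making the admin call. The `print` on a non-200 status writes the whole Directus response body `data` to the log and would be better reduced to the status code.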