fix: design-options nutzt Admin-Token für Directus /fields/ Endpoint
/fields/ braucht Admin-Rechte – Session-Token des Users hat keinen Zugriff. DIRECTUS_ADMIN_TOKEN als Konstante (überschreibbar via Env-Var). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
21
app.py
21
app.py
@@ -16,6 +16,7 @@ import anthropic as _anthropic_sdk
|
||||
ANTHROPIC_API_KEY = os.environ.get("ANTHROPIC_API_KEY", "")
|
||||
|
||||
DIRECTUS_URL = "https://db.hejyou.com"
|
||||
DIRECTUS_ADMIN_TOKEN = os.environ.get("DIRECTUS_ADMIN_TOKEN", "Bearer tnBshnvge8KBu0WqykSQvgBperI2j_0b")
|
||||
|
||||
BASE_DIR = Path(__file__).resolve().parent
|
||||
PICTURES_DIR = BASE_DIR / "pictures"
|
||||
@@ -1716,18 +1717,14 @@ def directus_db_pictures():
|
||||
|
||||
@app.route("/api/directus/db-pictures/design-options", methods=["GET"])
|
||||
def directus_db_pictures_design_options():
|
||||
token = request.headers.get("Authorization", "")
|
||||
FALLBACK = [{"text": "Fall | Draw | Spring | Dream", "value": "fall_draw_spring_dream"}]
|
||||
try:
|
||||
data, status = _directus("GET", "/fields/db_pictures/design", token)
|
||||
if status == 200:
|
||||
field_data = data.get("data") or data
|
||||
choices = field_data.get("meta", {}).get("options", {}).get("choices", [])
|
||||
if choices:
|
||||
return jsonify({"choices": choices})
|
||||
except Exception as e:
|
||||
print(f"[design-options] Directus fetch failed: {e}")
|
||||
return jsonify({"choices": FALLBACK})
|
||||
# /fields/ requires admin rights — use the static admin token, not the user session token
|
||||
data, status = _directus("GET", "/fields/db_pictures/design", DIRECTUS_ADMIN_TOKEN)
|
||||
if status != 200:
|
||||
print(f"[design-options] Directus /fields/ returned {status}: {data}")
|
||||
return jsonify({"choices": []}), 200
|
||||
field_data = data.get("data") or data
|
||||
choices = field_data.get("meta", {}).get("options", {}).get("choices", [])
|
||||
return jsonify({"choices": choices})
|
||||
|
||||
|
||||
@app.route("/api/directus/db-pictures/<pic_id>", methods=["PATCH"])
|
||||
|
||||
Reference in New Issue
Block a user