Scarriffle/Audiolib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Cover-Endpoint ohne Auth damit Browser-img-Tags funktionieren

Browse Source 
get_current_user vom /api/items/{id}/cover Endpoint entfernt —
Browser lädt <img src> ohne Bearer-Token, daher kam immer 401 → Placeholder.
Cover-IDs sind UUIDs, kein Sicherheitsrisiko.
Bonus: korrekte media_type Erkennung für PNG/JPEG.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Audiolib
2026-05-26 17:12:20 +02:00
parent a756db9d96
commit 9272bfec5a
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/app/routers/items.py
View File

@@ -135,7 +135,6 @@ async def get_item(
@router.get("/{item_id}/cover")
async def get_cover(
item_id: str,
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_db),
):
result = await db.execute(select(LibraryItem).where(LibraryItem.id == item_id))
@@ -144,7 +143,9 @@ async def get_cover(
raise HTTPException(status_code=404, detail="Cover not found")
if not os.path.exists(item.cover_path):
raise HTTPException(status_code=404, detail="Cover file missing")
return FileResponse(item.cover_path, media_type="image/jpeg")
ext = os.path.splitext(item.cover_path)[1].lower()
media_type = "image/png" if ext == ".png" else "image/jpeg"
return FileResponse(item.cover_path, media_type=media_type)
@router.patch("/{item_id}")