image fixes
This commit is contained in:
+9
-2
@@ -2,6 +2,7 @@ import express from 'express';
|
||||
import cors from 'cors';
|
||||
import path from 'path';
|
||||
import './db/schema'; // initialize DB + bootstrap admin
|
||||
import { UPLOAD_PATH } from './db/schema';
|
||||
import { requireAuth } from './middleware/auth';
|
||||
import authRouter from './routes/auth';
|
||||
import projectsRouter from './routes/projects';
|
||||
@@ -16,13 +17,19 @@ const PORT = Number(process.env.PORT || 3000);
|
||||
app.use(cors());
|
||||
app.use(express.json({ limit: '10mb' }));
|
||||
|
||||
// Public — auth endpoints (login doesn't require token)
|
||||
// Public — auth endpoints
|
||||
app.use('/api/auth', authRouter);
|
||||
|
||||
// Public — serve uploaded files as static assets.
|
||||
// <img> tags and markdown renderers can't send Authorization headers,
|
||||
// so file reads must be unauthenticated. POST/DELETE in uploadsRouter
|
||||
// are still protected by requireAuth inside the router.
|
||||
app.use('/api/uploads', express.static(UPLOAD_PATH));
|
||||
|
||||
// Protected — all other API routes require a valid JWT
|
||||
app.use('/api/projects', requireAuth, projectsRouter);
|
||||
app.use('/api/tools', requireAuth, toolsRouter);
|
||||
app.use('/api/uploads', requireAuth, uploadsRouter);
|
||||
app.use('/api/uploads', requireAuth, uploadsRouter); // handles POST + DELETE only
|
||||
app.use('/api/settings', requireAuth, settingsRouter);
|
||||
app.use('/api/users', usersRouter); // requireAdmin applied inside router
|
||||
|
||||
|
||||
Reference in New Issue
Block a user