// ============================================ // Admin & Preview Pages // Hybrid-Auth: JS-Login-Form, Caddy-basicauth im Hintergrund // ============================================ const ADMIN_USERS = ["alex", "joschi", "jonas"]; const ADMIN_STORAGE_KEY = "cine-admin-creds"; // ---------- Auth Helper ---------- function getStoredCreds() { try { const raw = sessionStorage.getItem(ADMIN_STORAGE_KEY); if (!raw) return null; const { user, basic } = JSON.parse(raw); if (!user || !basic) return null; return { user, basic }; } catch (e) { return null; } } function setStoredCreds(user, basic) { sessionStorage.setItem(ADMIN_STORAGE_KEY, JSON.stringify({ user, basic })); } function clearStoredCreds() { sessionStorage.removeItem(ADMIN_STORAGE_KEY); } function buildBasic(user, password) { // btoa() wirft InvalidCharacterError bei Zeichen > 0xFF (z.B. Umlaute, Emojis). // Wir kodieren daher zuerst nach UTF-8 und mappen jedes Byte in den Latin-1-Bereich, // bevor wir base64-encoden. So funktioniert das auch mit beliebigen Passwoertern. const raw = user + ":" + password; const utf8 = unescape(encodeURIComponent(raw)); return "Basic " + btoa(utf8); } // useAuth hook function useAuth() { const [creds, setCreds] = useState(getStoredCreds()); const isAuthed = !!creds; const user = creds?.user || null; const login = async (u, p) => { const basic = buildBasic(u, p); const res = await fetch("/admin-data/previews.json", { headers: { "Authorization": basic }, cache: "no-store", credentials: "omit", }); if (res.status === 200) { setStoredCreds(u, basic); setCreds({ user: u, basic }); return { ok: true }; } if (res.status === 401) return { ok: false, error: "credentials" }; return { ok: false, error: "network" }; }; const logout = () => { clearStoredCreds(); setCreds(null); }; const authHeader = () => creds?.basic || null; return { user, isAuthed, login, logout, authHeader }; } // Fetch wrapper with auth async function fetchPreviews(authHeader) { if (!authHeader) throw new Error("no-auth"); const res = await fetch("/admin-data/previews.json", { headers: { "Authorization": authHeader }, cache: "no-store", credentials: "omit", }); if (res.status === 401) throw new Error("auth"); if (!res.ok) throw new Error("http-" + res.status); return res.json(); } // ---------- LoginPage ---------- function LoginPage({ nextRoute, onNavigate }) { const { t } = useLang(); const { isAuthed, login } = useAuth(); const [user, setUser] = useState(ADMIN_USERS[0]); const [password, setPassword] = useState(""); const [error, setError] = useState(null); const [submitting, setSubmitting] = useState(false); const pwRef = useRef(null); // Wenn bereits eingeloggt, direkt weiter useEffect(() => { if (isAuthed) onNavigate(nextRoute || { name: "admin" }); }, [isAuthed]); useEffect(() => { pwRef.current?.focus(); }, []); const onSubmit = async (e) => { e.preventDefault(); if (!password || submitting) return; setSubmitting(true); setError(null); const res = await login(user, password); setSubmitting(false); if (res.ok) { onNavigate(nextRoute || { name: "admin" }); } else { setError(res.error === "credentials" ? t("login.error") : t("login.networkError")); setPassword(""); pwRef.current?.focus(); } }; return (

CINEPHILES

{t("login.title")}

{t("login.subtitle")}

); } // ---------- AdminDashboard ---------- function AdminDashboard({ onNavigate }) { const { t } = useLang(); const { user, isAuthed, logout, authHeader } = useAuth(); const [previews, setPreviews] = useState(null); const [loadError, setLoadError] = useState(null); const [copiedSlug, setCopiedSlug] = useState(null); useEffect(() => { if (!isAuthed) { onNavigate({ name: "login" }); return; } let alive = true; fetchPreviews(authHeader()) .then((data) => { if (alive) setPreviews(data.previews || []); }) .catch((err) => { if (!alive) return; if (err.message === "auth") { logout(); onNavigate({ name: "login" }); } else { setLoadError(err.message); } }); return () => { alive = false; }; }, [isAuthed]); const copyLink = async (slug) => { const url = window.location.origin + "/preview/" + slug; try { await navigator.clipboard.writeText(url); setCopiedSlug(slug); setTimeout(() => setCopiedSlug(null), 1800); } catch (e) { // Fallback: prompt window.prompt("Copy link:", url); } }; if (!isAuthed) return null; return (

{t("admin.title")}

{t("admin.subtitle")}

{t("admin.loggedInAs", { user })}

{previews === null && !loadError && (

{t("admin.loading")}

)} {loadError && (

Error: {loadError}

)} {previews && previews.length === 0 && (

{t("admin.empty")}

)} {previews && previews.length > 0 && (

{t("admin.version", { v: p.version })} · {t("admin.added", { date: p.createdAt })}

{p.title}
{p.directors && p.directors.length > 0 && (
{t("admin.directedBy", { names: p.directors.join(", ") })}
)} {p.notes &&
{p.notes}
}

)}

); } // ---------- PreviewPage ---------- function PreviewPage({ slug, onNavigate }) { const { t } = useLang(); const { isAuthed, authHeader, logout } = useAuth(); const [preview, setPreview] = useState(undefined); // undefined=loading, null=notfound, obj=ok const [loadError, setLoadError] = useState(null); useEffect(() => { if (!isAuthed) { onNavigate({ name: "login", next: { name: "preview", slug } }); return; } let alive = true; fetchPreviews(authHeader()) .then((data) => { if (!alive) return; const p = (data.previews || []).find((x) => x.slug === slug); setPreview(p || null); }) .catch((err) => { if (!alive) return; if (err.message === "auth") { onNavigate({ name: "login", next: { name: "preview", slug } }); } else { setLoadError(err.message); setPreview(null); } }); return () => { alive = false; }; }, [isAuthed, slug]); if (!isAuthed) return null; return (

{preview && (

{preview.title} {preview.version}

)}

{t("preview.confidential")}

{preview === undefined && (

{t("preview.loading")}

)} {preview === null && !loadError && (

{t("preview.notFound")}

)} {loadError && (

Error: {loadError}

)} {preview && (

{t("login.title")}

{p.title}