karim
f42a69c7ed
- Admin-only Seite „Autor:innen": Nutzer anlegen/Passwort setzen/löschen via GoTrue-Admin-API (/api/users, requireAdmin). /api/me liefert isAdmin → Nav zeigt den Punkt nur Admins. - Cover-Bild: Upload-Knopf + Thumbnail (Bilder im Beitrag gingen schon über den WYSIWYG-Editor). - Editor-Metazeile: einzeilige Felder + Dropdowns einheitlich 38px hoch. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
52 lines
2.0 KiB
JavaScript
52 lines
2.0 KiB
JavaScript
import { supabase } from './supabase.js';
|
|
|
|
// Ruft die CMS-API (gleiche Origin) mit dem aktuellen Supabase-Token auf.
|
|
async function call(path, options = {}) {
|
|
const { data } = await supabase.auth.getSession();
|
|
const token = data?.session?.access_token;
|
|
const res = await fetch(`/api${path}`, {
|
|
...options,
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
...(token ? { Authorization: `Bearer ${token}` } : {}),
|
|
...options.headers,
|
|
},
|
|
});
|
|
const json = await res.json().catch(() => ({}));
|
|
if (!res.ok) throw new Error(json.error || `HTTP ${res.status}`);
|
|
return json;
|
|
}
|
|
|
|
// Datei-Upload (multipart): Browser setzt den Header selbst.
|
|
async function uploadFile(file) {
|
|
const { data } = await supabase.auth.getSession();
|
|
const token = data?.session?.access_token;
|
|
const form = new FormData();
|
|
form.append('file', file);
|
|
const res = await fetch('/api/upload', {
|
|
method: 'POST',
|
|
headers: token ? { Authorization: `Bearer ${token}` } : {},
|
|
body: form,
|
|
});
|
|
const json = await res.json().catch(() => ({}));
|
|
if (!res.ok) throw new Error(json.error || `HTTP ${res.status}`);
|
|
return json;
|
|
}
|
|
|
|
export const api = {
|
|
list: () => call('/content'),
|
|
read: (path) => call(`/content/entry?path=${encodeURIComponent(path)}`),
|
|
save: (path, frontmatter, body) =>
|
|
call('/content/entry', { method: 'PUT', body: JSON.stringify({ path, frontmatter, body }) }),
|
|
preview: (path) => call('/preview', { method: 'POST', body: JSON.stringify({ path }) }),
|
|
publish: (path) => call('/publish', { method: 'POST', body: JSON.stringify({ path }) }),
|
|
upload: uploadFile,
|
|
getProfile: () => call('/profile'),
|
|
saveProfile: (p) => call('/profile', { method: 'PUT', body: JSON.stringify(p) }),
|
|
getMe: () => call('/me'),
|
|
listUsers: () => call('/users'),
|
|
createUser: (email, password) => call('/users', { method: 'POST', body: JSON.stringify({ email, password }) }),
|
|
setPassword: (id, password) => call(`/users/${id}`, { method: 'PUT', body: JSON.stringify({ password }) }),
|
|
deleteUser: (id) => call(`/users/${id}`, { method: 'DELETE' }),
|
|
};
|